From 13456fed63d91eef631c1ffda4a5dfe45664b30c Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Sat, 13 Oct 2018 20:07:56 -0400 Subject: [PATCH 01/52] Update to fix #52. --- Database_Baseline.zip | Bin 1192868 -> 1193012 bytes inc/database.inc | 73 ++++++++++++++---------------------------- ste/stats.php | 1 - 3 files changed, 24 insertions(+), 50 deletions(-) 
diff --git a/Database_Baseline.zip b/Database_Baseline.zip index c7e0512a66aa3de90804639765f0d47a25fa9794..cf21074b30604b85126230bc1564f5a97ed23731 100644 GIT binary patch delta 3009 zcmV;y3qJIu=SZ~ZNPvU^gaU*Egam{Iga(8Mgb0KQgbIWUgbaiYgbsucgb;)gv=UYV ze>9R!O-(Nh$<+z~0FPS$02KfL0CQnyVPk1@d0%pGb#!TNWpgfbacu1zYmbva@UxfP zf7lNuZIfy|-|-b|%PCr^_TlRbAf+dfmI}0bG5&XFAFwarX!WY6CAll?&SQ6Hc6OLq zc9r-jaZg+?NKfw{9$dMCUY?F#_tA7Ue_x`bYgdnMAk+(zG!8zZTUYN~J-X9IvnWPy zgT?KesQK;gZTt4k7Dgn<&!Qx~hvuirm+)#Bd2Wc{>ba@=(M|k&IVS>pWvh#zj{JD- z#|ZwCAX;3)4ZD8rN*J9S9vmKwj4^sV==bdIv(B*79UDU%itKLRG_3K%$B&DOfA5!~ z4UN&HKORv$y<9>Z^!uH$Ik4c)vWzai1-znShGunM8Y8qyXLm(96U%%(F`ykr_XTDw zJ-3lueNDtX9t;ihsb#+~-g9)JFsC7x>4ZQ9?3aU{0qEIn8|8%!YhZUK{A4aNp;Kz0v&vs=n8e^;BaKVL?%8=sgL)-$3RuGTxb^@koTb&p_Uo#@k|utig%9_NTU&*j^a;ixlDOA$t7S z`{c&1m-?}t01mBWI7L-}!$jE~8lAC0IE(yHXM{#ZA5;Jx9-t%q=md+@e-5TjJ1>wP zFrN4rM`XIfbIRQWmIC{@M-g1c;|iLQsj}P#+XTf3$fBINwmWtq#&?^9UIcG(-g<|(Uea;2S3%qEd6s4z2UzA81 zoTzxd_t^%-6k3!B73+DTDA6Y{2zDBzp-3@3$!rKOP}K$ZMm8Y1@mY!)9d$de?BPmsV=X^PRteDl1rZ$w3pd<2(6wC@f2)p2IAZK4t1wN<5izxQ=!DPX|MD{Osk! 
ziPbZXP0Q#V9?+ZNL+7ji(Ru8A{{-Re9}bRMf);is0RJ8_n8SmD=pN_^TurXA>~faN zBy_H3!9FSQeh6PbXcA3Y`CWEK;3_W<1@i049 z$F^``i(v3e!cgjT=JJd4B4um7+ zoaLNIu|00$J{4Kstj!L&VP;n!|A(ZS8(y6dX#%nFG8Iys(a0$LQ$|a9A+F)%*3SOy z&DMFFEma)cZmDLAWEH6XN_hw!0J_0J$de94f3g!&u0oyMdB!47UueFy2Y!H>#wbp0 zaHKV$ump#i?4TEYOT8*3JqoiR^de~wHY_|Vq5*JQ#q%UOP!?CnV+?xBa#rL?1(;D9 zj+!x%fpR~VyRjM@P6yv8PPIA0{&SO1$~1?C7NJF&E8l?ka5VI>x$vhAR>_-#h0WrU zf33145xpwB*{8$7PDv*z(+5)^rL zy{O$*@IGmJ(y?b@hurO`&bgvji-4w2Y){8V>zaFa5< zMi0ppX9awGIPH>`FLqHYK%6mZb#f54e_%6rO$19lws_;as~C&51mEV1cQGM{Ok#%5 z<}*bm#K^QScOP&kc~k5#iaxKF4jBPPk_|=o(6hs8vR~VTwql@3<;x^8#dJ9z+KO^ z!etZ&-lzMMNnCH~Lx#3G*>A?GRn%n2aD zcY2SvE;L(cXpARAYlI*#);v0bA$(#yHLb$~T8@q;$b9Gx>2_LFX;{BqqNT8!i(4!{N0t-8B%%?e|y8e7t=bVR1`W8 zy8obu+@e|f)s1}zPj0qC6TT7K=*%X4Wz^0m0e5PBI0^nbL2CYk9d~tK8aDf4ZodGZ z_X4cQRc|odahEfDRqrtW@=J`;w362s{(?h+`8e)k z)6VY-^q@9ZMtCS>e|%9w{q>Fe*`MP6mJe(9CVm$to`_{{<@Z+pKe6%~MZo?)`_8}B z-|}<(z12Q%s|^y+4D=?u$K)M<{5XTs&3pWS1MTZ&zK0BYex#XUGqb(rNY^tY88OGK z#=g;N1290tPXi`?cJ@NOXvV*|jVqIWt5tOJL_WX`Qft+Ze=ru0m6L#?z&|^NV=I2| z-oK0}zN&~$T=GrPd;{|Y-KOl3ANqsEkLXaB(a7$aFbD3Y)GNb z-Y-Jq;(V_TnEY^H>HJ_yw&=LwlJklgf^q~hKNVR9D?H)3^z3Jjq@UwVv8s-EE;`1U zVpSaQ%+EWP6i-EFE&%G`W466$z6|};pB^6k1h>Qt5|AVgG?GnCO)m_|)d~Ork6V{w zF%mTw$vD!DLSxhclL@?#L1WYblL@?#L1WaHt}zlT15^zXm*ET&7MJod5>5f3mq9WT zK?A`P5|>UB5*nAEG7>5SvKkVXKN=Dnm*+APDgsz1mlHD*L;@Zvmsv9sMFzbs5&!@I D_?4ZV delta 2864 zcmV-03(xel=t!jJNPvU^gaU*Egam{Iga(8Mgb0KQgbIWUgbaiYgbsucgb;)gv=UYV ze+gSfObzd4CPfMW03cET02KfL0CQnyVPk1@d0%pGb#!TNWpgfbacu1zX|vKW@UzbN zAL1v(L4A0S`WzAZw2DPJyuOrL%ClpkNDJyX{&zP=lQc<7!CUCed$gO~&F0!GZB|Ku z67SUW!}QDDb7wDILeIVoUUbo9HCv$Of6?XUHH120k}kt{=*Hz+mz%d5Xc{lkt8jkv zI=b-r_D%QZ^*Sab#E;`7y@O_7l8@2lDE7Sw!PW6n@12(fcX&+%_tH)mAsqzEb+AP6 zmxS^B3>NI_(WNLpJ$Lrp*((>%Uq5OdHPOHtq6fWh$8A4u^;_+s)pr5pw!60Fe+-Ww zJTQUL#VdC=v*=rcQFl0?Jal*=lU}#m8rnSv?i|Nz<6Gci0vlL3t!LH%tqDq6^BOhrJ0e>1~kpAk4fO`mPcc0P_X#LuvQtFgJI;g#7!vUaGvBf8%@Ef~+(+vAkHK znEEIsE7Dt~vA&RJf8JaNP9VxP*qH@h%}rYHTh=5~5S7;@!{26YGLk>JKA8wRu2D^A 
zCjsOVATgmU+TGW3^QRRX+s88$v}C*jj76HOpMdjzy^ zG8{n&l%^~Uf6Pv}E{Ju)uJK}#MB~d@QYM$6$zuUhhF~njRgq$Hrz5abj-1ue#SrNo zL$-%q_Q{0{44-ONbnkvvhuv~ou7iPfLLsgkg;J&ybG2PiF-tP>syW15uPDx!s&My=up}oakZQdrH&Lz0ioTnQ7y@uOgA1I$#Ysw*VkLBIHRTp9$VNj zC8b!=f08Lw2Ya?J_DmW0601gVxxEr`n}#6r)A@9@j>^;4Jeh1nlXKZhZd*qdIc`1U zO)nx+X0+5CxQ<71;aO5#FIJP|=7hN*;x*?J=w?%K0k_Fy6f&8|Dc1`^pJLf9LPf2xkWP^qd$B^htJv~oFe9RZpuP{@;x zL^9{OJi4lPcs8A<*0qSl2k%Kuv76KGf@lpSEcvb`;^{>*3YT*Ud1Hp2UL+;YxbO8SWiy9m ze;7d`EdZ)P&II)XtfGQRjTH)U@L;p_WW8tugI*;uz@vU|^c=sx0y!KI%mK>S3ibvO$1C735E zqoqFcEAZWAOvNO@x7@EVGa8dc%;?#Aro@C9S@y-A4Q`|m#f{?l!)h@mJ-}G9&fqwC z$x1kL-43^m7tF(wjy8s`Q`!VZAlg^oRBg750g`!baK}5RNQs!)QcIBc01H}Df5zlA zjwX{Z`2c*@8K3nIe8`}|z6-qhHzrSv8B?K!toU+858ud!wV{~4M$URrx?aCy^?^=9 zJ+ZBB=YnitRXq&*Mk_C>so>CC&otm7jza&727VXJ{r59(`JuL--Zg!FU>66QQXYKl zz4Wo^;2+%Vf5FZElMZe*7hm<>f47eTbQgaIAM@a5AKYxs%l`Au?RZ+%ldI^yPd9t- z2WMAzcFVT*@XjT1RV(f9Wx-hGojp@%S6O$Y{>D%z^WArM*Dr46E&U(9bM|Ip)qOsh z=CI4RSN<{|_A*a7Eq);-?+R*e;ASVV-5WW=ysK(0|DtV?eUvQA4#_83e*@_@@J9`6 zrc$dIwI53y6&O-omlDi<)Q!?h#}zfBL~+oI`=S@6K`(jpfh;5PzC+2o55C70r1BQ~ zPf@SQCoIAz7bZJ@kuOeE4&wcH?QM90rboLK!!+oww{y7;McHY_rXn-x?O5PZsX-iVrIF@0P@7<1uP#3g6DOd@<40 zj3`gYDa)y^)f<2e*zi*W6_b7ISX#dP`4e2aVt!AKuTHh6hYHL zfvoPTX9yaP4=g-bP(M6RIv_89jGpj#PzRs;=*P1~6r{oA1Kio~w^R)hkR%QXTSZI_ z?`0-M3IG5gQkU{E5;Yf}jpoFip3?yW$CylliPHfB$CylliPM)pG7>8T#0(ObaSaj{ zmx3}9P5}{@(J~T212Gd4m);W+8ka9K5-I~C8WNY!8WJ0qcQX~zpqcajj0*)z{ O=`#{V1}!ZT0002ExMJ4; diff --git a/inc/database.inc b/inc/database.inc index 790d5b7..95b225d 100644 --- a/inc/database.inc +++ b/inc/database.inc 
@@ -9850,65 +9850,40 @@ class db */ public function get_Cat_Count(ste_cat &$cat) { - $op = (empty($cat->get_ID()) ? IS : '='); - $value = ($op == IS ? null : $cat->get_ID()); - $this->help->select("get_pdi_count", ["SUM(`pdi_count`) AS 'total'"], [ - [ + $where = []; + if($cat->get_ID()) { + $where[] = [ 'field' => 'cat_id', - 'op' => $op, - 'value' => $value - ] - ]); - $rows = $this->help->execute(); - - if (is_array($rows) && isset($rows['total'])) { - $cat->total = $rows['total']; - $cat->nr = $rows['total']; + 'value' => $cat->get_ID() + ]; } else { - $cat->total = 0; + $where[] = [ + 'field' => 'ste_id', + 'value' => $cat->get_STE_ID() + ]; } + $this->help->select("target", ['cat_1', 'cat_2', 'cat_3', 'closed', 'not_applicable', 'not_reviewed'], $where); - $this->help->select("get_finding_count", ['status', "SUM(`finding_count`) AS 'finding_count'"], [ - [ - 'field' => 'cat_id', - 'op' => $op, - 'value' => $value - ] - ], [ - 'group' => 'status' - ]); $rows = $this->help->execute(); - - if (is_array($rows) && count($rows) && isset($rows['status'])) { - $rows = [0 => $rows]; + if(is_array($rows) && count($rows) && isset($rows['cat_1'])) { + $cat->open += $rows['cat_1'] + $rows['cat_2'] + $rows['cat_3']; + $cat->na += $rows['not_applicable']; + $cat->nf += $rows['closed']; + $cat->nr += $rows['not_reviewed']; } - - if (is_array($rows) && count($rows) && isset($rows[0])) { - foreach ($rows as $row) { - $cat->nr -= $row['finding_count']; - if ($row['status'] == 'Not Reviewed') { - $cat->nr += ($row['finding_count'] * 2); // to account for what was just subtracted - } - elseif ($row['status'] == 'Not a Finding' || $row['status'] == 'False Positive') { - $cat->nf += $row['finding_count']; - } - elseif ($row['status'] == 'Open' || $row['status'] == 'Exception') { - $cat->open += $row['finding_count']; - } - elseif ($row['status'] == 'Not Applicable') { - $cat->na += $row['finding_count']; - } + elseif(is_array($rows) && count($rows) && isset($rows[0])) { + 
foreach($rows as $r) { + $cat->open += $r['cat_1'] + $r['cat_2'] + $r['cat_3']; + $cat->na += $r['not_applicable']; + $cat->nf += $r['closed']; + $cat->nr += $r['not_reviewed']; } } - $this->help->select_count("target", [ - [ - 'field' => 'cat_id', - 'op' => $op, - 'value' => $value - ] - ]); + $cat->total = $cat->open + $cat->na + $cat->nf + $cat->nr; + + $this->help->select_count("target", $where); $cat->tgt_count = $this->help->execute(); } diff --git a/ste/stats.php b/ste/stats.php index f6e90c7..fbe6bb2 100644 --- a/ste/stats.php +++ b/ste/stats.php @@ -175,7 +175,6 @@ if ($ste_id) { } include_once "header.inc"; - ?> From 479c34ca5d8eec352e88168cdae8288fb891725a Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Sat, 13 Oct 2018 20:15:37 -0400 Subject: [PATCH 02/52] I believe this should fix #51. --- inc/database.inc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/inc/database.inc b/inc/database.inc index 95b225d..6c4d56c 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -11037,7 +11037,11 @@ class db ]); $tgts = $this->help->execute(); - if (is_array($tgts) && count($tgts)) { + if(is_array($tgts) && count($tgts) && isset($tgts['id'])) { + $tgts = [0 => $tgts]; + } + + if (is_array($tgts) && count($tgts) && isset($tgts[0])) { foreach ($tgts as $tgt) { $this->help->query_type = db_helper::INSERT; $this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " . From fc22e6875e5242aa0bb2f089d9317ef47d82654b Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Tue, 16 Oct 2018 12:24:10 -0400 Subject: [PATCH 03/52] Fix for #49 --- exec/export-ckl.php | 24 +++++++++++++----------- inc/array2xml.inc | 4 ++++ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/exec/export-ckl.php b/exec/export-ckl.php index 7022b80..9a56d9a 100644 --- a/exec/export-ckl.php +++ b/exec/export-ckl.php 
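Review bot: In `get_Cat_Count()` the new `else` branch filters on `ste_id` alone, so a category object without an ID is now counted against every target in the ST&E, where the removed code matched only rows with `cat_id IS NULL`. If the call is still meant to describe the unassigned bucket, `$where` needs a second condition on `cat_id` next to the `ste_id` one; if ST&E-wide totals are intended, the docblock should say so. The counters are also accumulated with `+=`, so the totals are only right when `$cat->open`, `->na`, `->nf` and `->nr` are zero on entry; resetting them first, e.g. `$cat->open = $cat->na = $cat->nf = $cat->nr = 0;`, would make a second call on the same object safe. The method's docblock starts above the hunk.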
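Review bot: The added `isset($tgts['id'])` wrap in the `@@ -11037,7 +11037,11 @@` hunk has no comment explaining it, and the same single-row-versus-list test is written out by hand in `get_Cat_Count()` in the previous patch (`isset($rows['cat_1'])` / `isset($rows[0])`). It appears the helper's `execute()` returns one row as a flat array and several rows as a list; a comment such as `// execute() returns a lone row unwrapped; normalise to a list` would record that. A small private helper doing the wrapping once would remove the need to pick a sentinel column like `id` at each call site. The INSERT statement that begins at the end of the hunk is completed outside it.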
@@ -59,6 +59,16 @@ else { print "Destination: $dest" . PHP_EOL; +$status_map = [ + 'Not Reviewed' => 'Not_Reviewed', + 'Not a Finding' => 'NotAFinding', + 'Open' => 'Open', + 'Not Applicable' => 'Not_Applicable', + 'No Data' => 'Not_Reviewed', + 'Exception' => 'Open', + 'False Positive' => 'NotAFinding' +]; + $xml = new Array2XML(); $xml->standalone = true; $xml->formatOutput = true; @@ -110,6 +120,7 @@ if ($tgt_count = count($tgts)) { } $arr = [ + '@comment' => "CyberPerspectives Sagacity v" . VER, 'ASSET' => [ 'ASSET_TYPE' => 'Computing', 'HOST_NAME' => $tgt->get_Name(), @@ -306,20 +317,11 @@ if ($tgt_count = count($tgts)) { ] ], $cci_list); - $status = "Not_Reviewed"; + $status = 'Not_Reviewed'; $notes = ''; if (is_a($find, 'finding')) { - $status = $find->get_Finding_Status_String(); - if ($status == 'Not a Finding' || $status == 'False Positive') { - $status = "NotAFinding"; - } - elseif($status == 'Exception') { - $status = 'Open'; - } - else { - $status = str_replace(" ", "_", $status); - } + $status = $status_map[$find->get_Finding_Status_String()]; $notes = $find->get_Notes(); } diff --git a/inc/array2xml.inc b/inc/array2xml.inc index 8a96a9e..b7797de 100644 --- a/inc/array2xml.inc +++ b/inc/array2xml.inc @@ -103,6 +103,10 @@ class Array2XML { //return from recursion, as a note with cdata cannot have child nodes. return $node; } + elseif(isset($arr['@comment']) && is_string($arr['@comment'])) { + $node->appendChild($xml->createComment(self::bool2str($arr['@comment']))); + unset($arr['@comment']); + } } //create subnodes using recursion From 43da94ed9c18a198ac71d0f145be8e9d238421d4 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Wed, 17 Oct 2018 14:42:49 -0400 Subject: [PATCH 04/52] Fix for #57 --- classes/ste_cat.inc | 12 ++++++++---- ste/index.php | 17 ++++------------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/classes/ste_cat.inc b/classes/ste_cat.inc index 5b3bc86..cf6f4a3 100644 --- a/classes/ste_cat.inc 
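Review bot: `$status = $status_map[$find->get_Finding_Status_String()];` in the `@@ -306,20 +317,11 @@` hunk has no fallback, so a status string that is not a key of `$status_map` raises an undefined-index notice and leaves `$status` null for whatever is written after the hunk; the removed code passed unknown values through `str_replace`. Guard the lookup, for example `$key = $find->get_Finding_Status_String();` then `$status = isset($status_map[$key]) ? $status_map[$key] : 'Not_Reviewed';`. `$status_map` is defined in the first hunk of this file, far from its only visible use, so a one-line comment there naming the CKL status values it maps to would help the next reader.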
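Review bot: The new `@comment` branch in `inc/array2xml.inc` hands the caller's string straight to `createComment()`, and XML forbids `--` inside a comment, so such a value would likely serialise to a document that parsers reject. The only caller visible in this patch passes a version banner, but Array2XML is a general converter, so rejecting or rewriting `--` before the call keeps the output well-formed. `self::bool2str()` is applied to a value the condition has already established is a string, which looks redundant unless that helper does more than its name suggests. The enclosing method starts and ends outside the hunk.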
+++ b/classes/ste_cat.inc @@ -254,10 +254,10 @@ class ste_cat */ public function get_Table_Row($intCount = 0, $status_count = null) { - $nf = 0; - $open = 0; - $na = 0; - if (!is_null($status_count)) { + $nf = $this->nf; + $open = $this->open; + $na = $this->na; + if (!is_null($status_count) && is_array($status_count)) { if (isset($status_count['nf'])) { $nf = $status_count['nf']; } @@ -271,6 +271,10 @@ class ste_cat } } + if(!$intCount) { + $intCount = $this->tgt_count; + } + $cat_sources = []; if (is_array($this->sources) && count($this->sources)) { foreach ($this->sources as $src) { diff --git a/ste/index.php b/ste/index.php index d540fd6..fe8d330 100644 --- a/ste/index.php +++ b/ste/index.php @@ -468,20 +468,11 @@ include_once 'header.inc'; } } + /** + * @var ste_cat $cat + */ foreach ($cats as $cat) { - $nr = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Reviewed"); - $na = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Applicable"); - $nf = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not a Finding"); - $open = $db->get_Finding_Count_By_Status($cat->get_ID(), "Open"); - - $count = $db->get_STE_Cat_TGT_Count($cat->get_ID()); - - print $cat->get_Table_Row($count, [ - "open" => $open, - "nf" => $nf, - "na" => $na, - "nr" => $nr - ]); + print $cat->get_Table_Row(); } } else { From 3ffd9b971ea191dbd88881e6025724c1ba0b3586 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Wed, 17 Oct 2018 16:26:42 -0400 Subject: [PATCH 05/52] Update for config.inc for 1.3.4 release --- config.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.inc b/config.inc index 8fc06d5..0656b55 100644 --- a/config.inc +++ b/config.inc 
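Review bot: `get_Table_Row()` now treats `$intCount = 0` as "use `$this->tgt_count`" and starts `$nf`, `$open` and `$na` from the object's own counters, but the docblock above the hunk is not updated to say so. Add `@param` text stating that a zero `$intCount` falls back to the stored target count and that `$status_count` keys override the stored values only when present. In the condition, `!is_null($status_count) &&` is redundant once `is_array($status_count)` is tested. The method body continues past both hunks.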
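Review bot: In `ste/index.php`, `print $cat->get_Table_Row();` now renders whatever counters the `ste_cat` object already carries, where the removed lines queried each status and the target count per category. Nothing in this hunk fills `nf`, `open`, `na` or `tgt_count`, so the table is only right if code above the hunk has populated each `$cat`, presumably through `get_Cat_Count()`; that is worth confirming and then recording in a comment beside the loop. The `nr` value the old call passed is no longer supplied at all.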
@@ -30,8 +30,8 @@ define('E_DEBUG', 65535); define('DOC_ROOT', '{DOC_ROOT}'); define('PWD_FILE', '{PWD_FILE}'); define('TMP', '{TMP_PATH}'); -define('VER', '1.3.3'); -define('REL_DATE', '2018-08-31'); +define('VER', '1.3.4'); +define('REL_DATE', '2018-11-30'); define('LOG_LEVEL', '{E_ERROR}'); define('LOG_PATH', '{LOG_PATH}'); define('SALT', '{SALT}'); From 1645914d323581de2f855b9cacea9775dab654b0 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Wed, 17 Oct 2018 19:44:37 -0400 Subject: [PATCH 06/52] Update to fix some of the improper working of the results page. This does not fix the SCC result parsing...still working on that. --- inc/database.inc | 43 +++-- results/index.php | 333 +++++++++++++++++++--------------- results/results_script.js | 8 - results/results_script.min.js | 4 +- 4 files changed, 218 insertions(+), 170 deletions(-) diff --git a/inc/database.inc b/inc/database.inc index 6c4d56c..6d2e50f 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -4269,13 +4269,13 @@ class db public function get_Finding_Count_By_Status($cat_id, $status, $cat = null, $ctrl = null) { $joins = [ - "LEFT JOIN sagacity.target_checklist tc ON t.id=tc.tgt_id", - "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.checklist_id=tc.chk_id", - "LEFT JOIN sagacity.findings f ON f.pdi_id=pcl.pdi_id AND t.id=f.tgt_id", - "LEFT JOIN sagacity.findings_status fs ON fs.id=f.findings_status_id" + "JOIN target_checklist tc ON t.id = tc.tgt_id", + "JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id", + "LEFT JOIN findings f ON f.pdi_id = pcl.pdi_id AND t.id = f.tgt_id", + "LEFT JOIN findings_status fs ON fs.id = f.findings_status_id" ]; if (!is_null($ctrl)) { - $joins[] = "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id`=f.`id`"; + $joins[] = "JOIN finding_controls fc ON fc.finding_id = f.id"; } $where = [ 
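Review bot: The two join lists in `get_Finding_Count_By_Status()` guard the `finding_controls` join differently: the `@@ -4269,13 +4269,13 @@` hunk adds it on `!is_null($ctrl)`, while the next hunk (`@@ -4323,20 +4323,20 @@`) also requires `is_a($ctrl, 'proc_ia_controls')`. If `$ctrl` can ever be something other than a `proc_ia_controls` object, the first query joins `finding_controls` and the second does not, and the two counts are then added together. Use the same condition in both places, `if (is_a($ctrl, 'proc_ia_controls')) {`, which already covers the null case. The function body runs well past this hunk.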
@@ -4323,20 +4323,20 @@ class db } $field = ($status == 'Not Reviewed' ? "COUNT(DISTINCT(pcl.pdi_id)) AS 'count'" : "COUNT(DISTINCT(f.id)) AS 'count'"); - $this->help->select_count("sagacity.target t", $where, ['table_joins' => $joins]); + $this->help->select_count("target t", $where, ['table_joins' => $joins]); $this->help->sql = str_replace("COUNT(1) AS 'count'", $field, $this->help->sql); $cnt = $this->help->execute(); $joins = [ - "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.checklist_id=c.id", - "LEFT JOIN sagacity.findings f ON f.pdi_id=pcl.pdi_id", - "LEFT JOIN sagacity.findings_status fs ON f.findings_status_id=fs.id", - "JOIN sagacity.target t ON t.id=f.tgt_id" + "JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = c.id", + "JOIN findings f ON f.pdi_id = pcl.pdi_id", + "LEFT JOIN findings_status fs ON f.findings_status_id = fs.id", + "JOIN target t ON t.id = f.tgt_id" ]; if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { - $joins[] = "JOIN sagacity.finding_controls fc ON fc.finding_id=f.id"; + $joins[] = "JOIN finding_controls fc ON fc.finding_id = f.id"; } $where = [ @@ -4388,7 +4388,7 @@ class db ]; } - $this->help->select_count("sagacity.checklist c", $where, array('table_joins' => $joins)); + $this->help->select_count("checklist c", $where, array('table_joins' => $joins)); $this->help->sql = str_replace("COUNT(1) AS 'count'", $field, $this->help->sql); $cnt += $this->help->execute(); @@ -8404,8 +8404,11 @@ class db } if ($del_tgts) { + /** + * @var host_list $host + */ foreach ($scan->get_Host_List() as $host) { - $this->delete_Target($host->targetId); + $this->delete_Target($host->getTargetId()); } } @@ -9845,6 +9848,7 @@ class db } /** + * Method to retrieve the category count data from the database for a specific category * * @param ste_cat $cat */ 
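Review bot: The count expression is put in place with `str_replace("COUNT(1) AS 'count'", $field, $this->help->sql)`, which silently does nothing if `select_count()` ever emits that fragment with different spacing or quoting, and the query then returns a plain row count. The same replacement is repeated for the second query in the `@@ -4388,7 +4388,7 @@` hunk. Checking that the replacement actually happened, or letting the helper accept the count expression, would make a mismatch visible; at minimum add a comment such as `// relies on select_count() emitting exactly "COUNT(1) AS 'count'"`. That later hunk also still writes `array('table_joins' => $joins)` where this one uses the short `[...]` form.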
@@ -9854,12 +9858,14 @@ class db if($cat->get_ID()) { $where[] = [ 'field' => 'cat_id', + 'op' => '=', 'value' => $cat->get_ID() ]; } else { $where[] = [ 'field' => 'ste_id', + 'op' => '=', 'value' => $cat->get_STE_ID() ]; } @@ -11343,8 +11349,8 @@ class db ] ], [ 'table_joins' => [ - "LEFT JOIN target_checklist tc ON tc.tgt_id = t.id", - "LEFT JOIN pdi_checklist_lookup pcl ON tc.chk_id = pcl.checklist_id", + "JOIN target_checklist tc ON tc.tgt_id = t.id", + "JOIN pdi_checklist_lookup pcl ON tc.chk_id = pcl.checklist_id", "LEFT JOIN findings f ON f.tgt_id = t.id AND f.pdi_id = pcl.pdi_id", "LEFT JOIN findings_status fs ON f.findings_status_id = fs.id" ], @@ -11382,6 +11388,7 @@ class db $na += $row['finding_count']; break; case 'Not Reviewed': + case 'No Data': $nr += $row['finding_count']; break; case 'Open': @@ -11566,11 +11573,17 @@ class db if (!$tgt->is_PP_Suspended()) { $this->post_Processing($tgt->get_ID()); } + else { + $this->update_Target_Counts($tgt->get_ID()); + } } else { if ($pp === true) { $this->post_Processing($tgt->get_ID()); } + else { + $this->update_Target_Counts($tgt->get_ID()); + } } $this->help->replace("target_net_meta", [ diff --git a/results/index.php b/results/index.php index 3d41f76..297e6b9 100644 --- a/results/index.php +++ b/results/index.php 
@@ -55,27 +55,21 @@ set_time_limit(120); $db = new db(); -$sources = $db->get_Sources(); -$task_status = $db->get_Task_Statuses(); - $ste_id = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT); -if (!$ste_id) { +if (! $ste_id) { $ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT); } -$status = filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING); -$type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING); -$scans = []; +$status = filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING); +$type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING); +$scans = []; if ($type != 'all' && $status != 'all') { $scans = $db->get_ScanData($ste_id, null, $status, $type); -} -elseif ($type != 'all') { +} elseif ($type != 'all') { $scans = $db->get_ScanData($ste_id, null, null, $type); -} -elseif ($status != 'all') { +} elseif ($status != 'all') { $scans = $db->get_ScanData($ste_id, null, $status); -} -elseif (isset($ste_id)) { +} elseif (isset($ste_id)) { $scans = $db->get_ScanData($ste_id); } @@ -86,76 +80,81 @@ $stes = $db->get_STE();
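Review bot: None of the four `get_ScanData()` branches in the `@@ -55,27 +55,21 @@` hunk checks that `$ste_id` is a usable ID: `filter_input(..., FILTER_VALIDATE_INT)` gives `false` for a malformed value and `null` for a missing one, the first three branches never look at it, and `isset($ste_id)` in the last is true for `false`. Wrapping the chain in `if ($ste_id > 0) { … }` keeps the page from querying with an invalid ST&E. `$status` and `$type` only pass through `FILTER_SANITIZE_STRING`, which strips markup but does not constrain the value, so comparing them against the known status and type names before they reach `get_ScanData()` would be safer; how that method builds its query is outside this patch. When the fields are absent both are `null`, so the first branch runs with two null filters, which may not be intended.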
-

Do you want to delete the associated targets?


-

WARNING: This will delete ALL targets in this scan and all associated data even if it was imported from another scan. This action is irreversible

+

+ Do + you want to delete the associated targets? +

+
+

WARNING: This will delete ALL targets in this scan and all + associated data even if it was imported from another scan. This + action is irreversible

-

Are you sure you want to delete this scan?

+

+ Are + you sure you want to delete this scan? +

diff --git a/results/results_script.js b/results/results_script.js index 2b55e2d..8c71d0a 100644 --- a/results/results_script.js +++ b/results/results_script.js @@ -66,11 +66,3 @@ function add_import() { $('#import').css('display', 'block'); view_box(); } - -function del_scan(form) { - if ($('#toggle_refresh').val() == 'Stop Refresh') { - clearTimeout(to); - to = null; - } - $('#delete-target-confirm').dialog('open'); -} diff --git a/results/results_script.min.js b/results/results_script.min.js index 4dd1b3f..32a8db6 100644 --- a/results/results_script.min.js +++ b/results/results_script.min.js 
@@ -1,2 +1,2 @@ - -$(function(){$(".close, .backdrop").click(function(){close_box()})});function List_host(a){$("#host_list_frame").attr("src","host_list_iframe.php?ste="+$("#ste").val()+"&scan_id="+a);$("#host_list_div").animate({opacity:"1.00"},300,"linear");$("#host_list_div").css("display","block");view_box()}function close_box(){$(".backdrop, .box").animate({opacity:"0"},300,"linear",function(){$(".backdrop, .box").css("display","none")});$(".dz-complete").remove();$(".dz-message").show()}function view_box(){$(".backdrop").animate({opacity:".5"},300,"linear");$(".backdrop").css("display","block")}function add_import(){if($("#ste").val()<1){alert("Please select an ST&E");return}$("#add_import").val($("#ste").val());$("#import").animate({opacity:"1.00"},300,"linear");$("#import").css("display","block");view_box()}function del_scan(a){if($("#toggle_refresh").val()=="Stop Refresh"){clearTimeout(to);to=null}$("#delete-target-confirm").dialog("open")}; \ No newline at end of file +$(function(){$(".close, .backdrop").click(function(){close_box();});});function List_host(scan_id){$("#host_list_frame").attr("src","host_list_iframe.php?ste="+$("#ste").val()+"&scan_id="+scan_id);$("#host_list_div").animate({"opacity":"1.00"},300,"linear");$("#host_list_div").css("display","block");view_box();}function close_box(){$(".backdrop, .box").animate({"opacity":"0"},300,"linear",function(){$(".backdrop, .box").css("display","none");});$(".dz-complete").remove();$(".dz-message").show();}function view_box(){$(".backdrop").animate({"opacity":".5"},300,"linear"); +$(".backdrop").css("display","block");}function add_import(){if($("#ste").val()<1){alert("Please select an ST&E");return;}$("#add_import").val($("#ste").val());$("#import").animate({"opacity":"1.00"},300,"linear");$("#import").css("display","block");view_box();} \ No newline at end of file From 98ea166a224c43c9b8fb3eb40751648bd9652405 Mon Sep 17 00:00:00 2001 
From: Ryan Prather Date: Wed, 17 Oct 2018 22:19:41 -0400 Subject: [PATCH 07/52] Fix for #10, #57, & #58 --- exec/parse_scc_xccdf.php | 1172 ++++++++++++++++++++------------------ inc/database.inc | 2 +- inc/helper.inc | 2 +- 3 files changed, 610 insertions(+), 566 deletions(-) diff --git a/exec/parse_scc_xccdf.php b/exec/parse_scc_xccdf.php index 004ed73..eea21f9 100644 --- a/exec/parse_scc_xccdf.php +++ b/exec/parse_scc_xccdf.php 
@@ -24,643 +24,687 @@ * - May 13, 2017 - Fixed error when trying to delete a USGCB scan file (not supported) * - Oct 23, 2017 - Fixed error of finding statuses being overwritten */ -$cmd = getopt("f:", ['debug::', 'help::']); +$cmd = getopt("f:", [ + 'debug::', + 'help::' +]); -if (!isset($cmd['f']) || isset($cmd['help'])) { - die(usage()); +if (! isset($cmd['f']) || isset($cmd['help'])) { + die(usage()); } $conf = parse_ini_file("parse_config.ini"); -if (!$conf) { - die("Could not find parse_config.ini configuration file"); +if (! $conf) { + die("Could not find parse_config.ini configuration file"); } chdir($conf['doc_root']); set_time_limit(0); +require_once 'vendor/autoload.php'; include_once 'config.inc'; include_once 'xml_parser.inc'; include_once 'database.inc'; include_once 'helper.inc'; +use Monolog\Logger; +use Monolog\Handler\StreamHandler; + chdir(TMP); $db = new db(); +$log_level = convert_log_level(); + $base_name = basename($cmd['f']); -$host_list = array(); -$err = new Sagacity_Error($cmd['f']); +$log = new Logger("scc-import"); +$log->pushHandler(new StreamHandler(logify($cmd['f']), $log_level)); -if (!file_exists($cmd['f'])) { - $db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']); - $err->script_log("File not found", E_ERROR); -} -elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) { - $scan = $db->get_ScanData($conf['ste'], $cmd['f']); - if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) { - $db->delete_Scan($scan[0]->get_ID(), false); - } - $err->script_log("Cannot parse these types of files", E_ERROR); +if (! 
file_exists($cmd['f'])) { + $db->update_Running_Scan($base_name, [ + 'name' => 'status', + 'value' => 'ERROR' + ]); + $log->error("File not found"); + die(); +} elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) { + $scan = $db->get_ScanData($conf['ste'], $cmd['f']); + if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) { + $db->delete_Scan($scan[0]->get_ID(), false); + } + $log->error("Cannot parse these types of files"); + die(); } -class scc_parser extends scan_xml_parser { +class scc_parser extends scan_xml_parser +{ - var $values; - var $value_id; - var $getvalue = false; - var $groups; - var $group_id; - var $vms_id; - var $vms = null; - var $sv_rule; - var $tgt; - var $tag; - var $int_count = 0; - var $found_rule = false; + var $values; - /** - * Constructor - * - * @param int $ste_id_in - * @param string $fname_in - */ - public function __construct($ste_id_in, $fname_in) { - $this->values = array(); - $this->groups = array(); - $this->tag = array(); - parent::__construct($this, $ste_id_in, $fname_in); - $this->db->update_Running_Scan($this->scan->get_File_Name(), ['name' => 'pid', 'value' => getmypid()]); - } + var $value_id; - /** - * Function to parse \cdf:Benchmark\cdf:Value tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_Value($attrs) { - $this->values[$attrs['id']] = null; - $this->value_id = $attrs['id']; - } + var $getvalue = false; - /** - * Function to parse \cdf:Benchmark\cdf:Value\cdf:value tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_Value_cdf_value($attrs) { - if (!isset($attrs['selector'])) { - $this->getvalue = true; - } - else { - $this->getvalue = false; - } - } + var $groups; - /** - * Function to parse \cdf:Benchmark\cdf:value\cdf:value character data - * - * @param string $data - */ - public function cdf_Benchmark_cdf_Value_cdf_value_data($data) { - if ($this->getvalue) { - $this->values[$this->value_id] = $data; - } - } + var 
$group_id; - /** - * Function to parse \cdf:Benchmark\cdf:Group tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_Group($attrs) { - $this->vms = $this->db->get_GoldDisk($attrs['id']); + var $vms_id; - if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) { - $this->group_id = $this->vms[0]->get_PDI_ID(); - } - else { - $this->group_id = $attrs['id']; - $this->vms = null; + var $vms = null; + + var $sv_rule; + + var $tgt; + + var $tag; + + var $int_count = 0; + + var $found_rule = false; + + var $log = null; + + /** + * Constructor + * + * @global Monolog\Logger $log + * + * @param int $ste_id_in + * @param string $fname_in + */ + public function __construct($ste_id_in, $fname_in) + { + $this->values = []; + $this->groups = []; + $this->tag = []; + parent::__construct($this, $ste_id_in, $fname_in); + $this->db->update_Running_Scan($this->scan->get_File_Name(), [ + 'name' => 'pid', + 'value' => getmypid() + ]); } - $this->vms_id = $attrs['id']; - $this->groups[$this->group_id] = array(); - $this->found_rule = false; - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs) { - $sv_rule = $this->db->get_SV_Rule(null, $attrs['id']); - - if (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule')) { - $this->found_rule = true; - $this->sv_rule = $sv_rule[0]; - - unset($this->groups[$this->group_id]); - $this->group_id = $this->sv_rule->get_PDI_ID(); - - $this->groups[$this->group_id] = [ - 'sv_rule' => $this->sv_rule, - 'stig' => null, - 'version' => null, - 'title' => null, - 'vms_id' => $this->vms_id, - 'oval_id' => null, - 'val_id' => null, - 'value' => null, - 'cce' => null, - 'fix' => null, - 'desc' => null, - 'status' => "Not Reviewed", - 'cat' => 2 - ]; - } - else { - return; + /** + * Function to parse \cdf:Benchmark\cdf:Value tag + * + * @param 
array $attrs + */ + public function cdf_Benchmark_cdf_Value($attrs) + { + $this->values[$attrs['id']] = null; + $this->value_id = $attrs['id']; } - $stig = $this->db->get_STIG_By_PDI($this->sv_rule->get_PDI_ID()); - - if (is_a($stig, 'stig')) { - $this->groups[$this->group_id]['stig'] = $stig; - $this->groups[$this->group_id]['version'] = $stig->get_ID(); - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:version character data (STIG id) - * - * @param string $data - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data) { - $stig = $this->db->get_Stig($data); - if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { - $this->found_rule = true; - $stig = $stig[0]; - - unset($this->groups[$this->group_id]); - $this->group_id = $stig->get_PDI_ID(); - - $this->groups[$this->group_id] = [ - 'sv_rule' => (is_a($this->sv_rule, 'sv_rule') ? $this->sv_rule : null), - 'stig' => $stig, - 'version' => $stig->get_ID(), - 'title' => null, - 'vms_id' => $this->vms_id, - 'oval_id' => null, - 'val_id' => null, - 'value' => null, - 'cce' => null, - 'fix' => null, - 'desc' => null, - 'status' => "Not Reviewed", - 'cat' => 2 - ]; - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:title character data (short title) - * - * @param string $data - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data) { - if (empty($this->groups[$this->group_id]['title'])) { - $this->groups[$this->group_id]['title'] = $data; - } - else { - //error_log(print_r($this->group_id, true)); - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:description character data (description) - * - * @param string $data - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data) { - if (!isset($this->groups[$this->group_id])) { - $this->groups[$this->group_id] = array(); + /** + * Function to parse \cdf:Benchmark\cdf:Value\cdf:value tag + * + * @param 
array $attrs + */ + public function cdf_Benchmark_cdf_Value_cdf_value($attrs) + { + $this->getvalue = false; + if (! isset($attrs['selector'])) { + $this->getvalue = true; + } } - if (isset($this->groups[$this->group_id]['desc'])) { - $this->groups[$this->group_id]['desc'] .= $data; - } - else { - $this->groups[$this->group_id]['desc'] = $data; - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:ident character data (CCI,CCE,etc) - * - * @param string $data - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data) { - if (empty($this->groups[$this->group_id]['cce']) && preg_match("/CCE/", $data)) { - $this->groups[$this->group_id]['cce'] = $data; - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:fixtext character data - * - * @param string $data - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data) { - if (empty($this->groups[$this->group_id]['fix'])) { - $this->groups[$this->group_id]['fix'] = htmlentities($data); - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:check\cdf:check-export tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs) { - if (empty($this->groups[$this->group_id]['val_id'])) { - $this->groups[$this->group_id]['val_id'] = $attrs['value-id']; - $this->groups[$this->group_id]['value'] = $this->values[$attrs['value-id']]; - - $this->groups[$this->group_id]['oval_id'] = $attrs['export-name']; - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:Group end tag and store content parsed from previous functions - */ - public function cdf_Benchmark_cdf_Group_end() { - if (!$this->found_rule) { - $this->log->script_log("Rule tag was not present for " . 
$this->group_id); - unset($this->groups[$this->group_id]); - return; + /** + * Function to parse \cdf:Benchmark\cdf:value\cdf:value character data + * + * @param string $data + */ + public function cdf_Benchmark_cdf_Value_cdf_value_data($data) + { + if ($this->getvalue) { + $this->values[$this->value_id] = $data; + } } - if (empty($this->groups[$this->group_id]['stig'])) { - $ia_controls = array(); - $this->log->script_log("STIG ID " . $this->groups[$this->group_id]['version'] . " is not in the database, adding", E_WARNING); - $pdi = new pdi(null, '', 'NOW'); - $pdi->set_Short_Title($this->groups[$this->group_id]['title']); - $pdi->set_Group_Title($this->groups[$this->group_id]['title']); - $pdi->set_Description($this->groups[$this->group_id]['desc']); - $pdi_id = $this->db->save_PDI($pdi); - $stig = new stig($pdi_id, $this->groups[$this->group_id]['version'], $this->groups[$this->group_id]['title']); - $this->db->add_Stig($stig); - $this->groups[$this->group_id]['stig'] = $stig; + /** + * Function to parse \cdf:Benchmark\cdf:Group tag + * + * @param array $attrs + */ + public function cdf_Benchmark_cdf_Group($attrs) + { + $this->vms = $this->db->get_GoldDisk($attrs['id']); - if (!empty($this->groups[$this->group_id]['desc'])) { - $match = array(); - if (preg_match("/\(.*)\<\/IAControls\>/", $this->groups[$this->group_id]['desc'], $match)) { - $ias = explode(", ", $match[1]); - if (is_array($ias) && count($ias)) { - foreach ($ias as $ia) { - $ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, -1)); + if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) { + $this->group_id = $this->vms[0]->get_PDI_ID(); + } else { + $this->group_id = $attrs['id']; + $this->vms = null; + } + + $this->vms_id = $attrs['id']; + $this->groups[$this->group_id] = array(); + $this->found_rule = false; + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule tag + * + * @param array $attrs + */ + public 
function cdf_Benchmark_cdf_Group_cdf_Rule($attrs) + { + $sv_rule = $this->db->get_SV_Rule(null, $attrs['id']); + + if (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule')) { + $this->found_rule = true; + $this->sv_rule = $sv_rule[0]; + + unset($this->groups[$this->group_id]); + $this->group_id = $this->sv_rule->get_PDI_ID(); + + $this->groups[$this->group_id] = [ + 'sv_rule' => $this->sv_rule, + 'stig' => null, + 'version' => null, + 'title' => null, + 'vms_id' => $this->vms_id, + 'oval_id' => null, + 'val_id' => null, + 'value' => null, + 'cce' => null, + 'fix' => null, + 'desc' => null, + 'status' => "Not Reviewed", + 'cat' => 2 + ]; + } else { + return; + } + + $stig = $this->db->get_STIG_By_PDI($this->sv_rule->get_PDI_ID()); + + if (is_a($stig, 'stig')) { + $this->groups[$this->group_id]['stig'] = $stig; + $this->groups[$this->group_id]['version'] = $stig->get_ID(); + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:version character data (STIG id) + * + * @param string $data + */ + public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data) + { + $stig = $this->db->get_Stig($data); + if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { + $this->found_rule = true; + $stig = $stig[0]; + + unset($this->groups[$this->group_id]); + $this->group_id = $stig->get_PDI_ID(); + + $this->groups[$this->group_id] = [ + 'sv_rule' => (is_a($this->sv_rule, 'sv_rule') ? 
$this->sv_rule : null), + 'stig' => $stig, + 'version' => $stig->get_ID(), + 'title' => null, + 'vms_id' => $this->vms_id, + 'oval_id' => null, + 'val_id' => null, + 'value' => null, + 'cce' => null, + 'fix' => null, + 'desc' => null, + 'status' => "Not Reviewed", + 'cat' => 2 + ]; + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:title character data (short title) + * + * @param string $data + */ + public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data) + { + if (empty($this->groups[$this->group_id]['title'])) { + $this->groups[$this->group_id]['title'] = $data; + } else { + // error_log(print_r($this->group_id, true)); + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:description character data (description) + * + * @param string $data + */ + public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data) + { + if (! isset($this->groups[$this->group_id])) { + $this->groups[$this->group_id] = []; + } + + if (isset($this->groups[$this->group_id]['desc'])) { + $this->groups[$this->group_id]['desc'] .= $data; + } else { + $this->groups[$this->group_id]['desc'] = $data; + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:ident character data (CCI,CCE,etc) + * + * @param string $data + */ + public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data) + { + if (empty($this->groups[$this->group_id]['cce']) && preg_match("/CCE/", $data)) { + $this->groups[$this->group_id]['cce'] = $data; + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:fixtext character data + * + * @param string $data + */ + public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data) + { + if (empty($this->groups[$this->group_id]['fix'])) { + $this->groups[$this->group_id]['fix'] = htmlentities($data); + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group\cdf:Rule\cdf:check\cdf:check-export tag + * + * @param array $attrs + */ + public function 
cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs) + { + if (empty($this->groups[$this->group_id]['val_id'])) { + $this->groups[$this->group_id]['val_id'] = $attrs['value-id']; + $this->groups[$this->group_id]['value'] = $this->values[$attrs['value-id']]; + + $this->groups[$this->group_id]['oval_id'] = $attrs['export-name']; + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:Group end tag and store content parsed from previous functions + */ + public function cdf_Benchmark_cdf_Group_end() + { + if (! $this->found_rule) { + $this->log->script_log("Rule tag was not present for " . $this->group_id); + unset($this->groups[$this->group_id]); + return; + } + + if (empty($this->groups[$this->group_id]['stig'])) { + $ia_controls = []; + $this->log->script_log("STIG ID " . $this->groups[$this->group_id]['version'] . " is not in the database, adding", E_WARNING); + $pdi = new pdi(null, '', 'NOW'); + $pdi->set_Short_Title($this->groups[$this->group_id]['title']); + $pdi->set_Group_Title($this->groups[$this->group_id]['title']); + $pdi->set_Description($this->groups[$this->group_id]['desc']); + $pdi_id = $this->db->save_PDI($pdi); + $stig = new stig($pdi_id, $this->groups[$this->group_id]['version'], $this->groups[$this->group_id]['title']); + $this->db->add_Stig($stig); + $this->groups[$this->group_id]['stig'] = $stig; + + if (! 
empty($this->groups[$this->group_id]['desc'])) { + $match = array(); + if (preg_match("/\(.*)\<\/IAControls\>/", $this->groups[$this->group_id]['desc'], $match)) { + $ias = explode(", ", $match[1]); + if (is_array($ias) && count($ias)) { + foreach ($ias as $ia) { + $ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, - 1)); + } + } else { + $ia_controls[] = new ia_control($pdi_id, "ECSC", 1); + } + } + } else { + $ia_controls[] = new ia_control($pdi_id, 'ECSC', 1); } - } - else { - $ia_controls[] = new ia_control($pdi_id, "ECSC", 1); - } - } - } - else { - $ia_controls[] = new ia_control($pdi_id, 'ECSC', 1); - } - $this->db->save_IA_Control($ia_controls); - } - - if (empty($this->vms)) { - $this->vms = new golddisk($this->groups[$this->group_id]['stig']->get_PDI_ID(), $this->vms_id, $this->groups[$this->group_id]['title']); - $this->db->save_GoldDisk($this->vms); - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts\cdf:fact tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs) { - $tmp = explode(":", $attrs['name']); - $this->tag_id = end($tmp); - if (isset($this->tag[$this->tag_id])) { - if ($this->tag_id == 'interface_name') { - $this->int_count++; - } - $this->tag_id .= $this->int_count; - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts\cdf:fact character data - * - * @param string $data - */ - public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data) { - $this->tag[$this->tag_id] = str_replace("\n", "", $data); - } - - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts end tag and store results - */ - public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end() { - //error_log(print_r($this->tag, true)); - $host_name = $this->tag['host_name']; - if (preg_match("/\./", $host_name)) { - $host_name = preg_replace("/^([^\.]+)\./i", "$1", $host_name); - } - - if 
(!($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) { - $this->log->script_log("Creating new target with hostname $host_name", E_DEBUG); - $os = array(); - if (isset($this->tag['os_name']) && isset($this->tag['os_version']) && is_numeric($this->tag['os_version'])) { - $this->tag['os_name'] .= " {$this->tag['os_version']}"; - } - - if (isset($this->tag['os_name'])) { - $os_regex = $this->db->get_Regex_Array("os"); - $os = software::identify_Software($os_regex, $this->tag['os_name']); - $os = $this->db->get_Software($os); - } - - $this->log->script_log("Identified OS " . print_r($os, true), E_DEBUG); - - if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) { - $os = $os[0]; - } - else { - $os = $this->db->get_Software("cpe:/o:generic:generic:-")[0]; - } - - if (!is_a($os, 'software')) { - $this->log->script_log("Failed to identify the OS", E_ERROR); - } - - $tgt = new target($host_name); - $tgt->set_STE_ID($this->ste_id); - $tgt->set_Notes("New target found by SCC"); - - if (is_a($os, "software")) { - $this->log->script_log("Assigning OS {$os->get_CPE()}", E_DEBUG); - - $tgt->set_OS_ID($os->get_ID()); - $tgt->set_OS_String($os->get_Shortened_SW_String()); - } - - $tgt_id = $this->db->save_Target($tgt); - } - - $this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0]; - - $int_keys = preg_grep("/interface_name/", array_keys($this->tag)); - $match = array(); - foreach ($int_keys as $key) { - $idx = ''; - if (preg_match("/interface_name(\d+)/", $key, $match)) { - $idx = $match[1]; - } - - if (isset($this->tag["ipv4$idx"])) { - $ip = explode(",", $this->tag["ipv4$idx"]); - - $ipv4 = null; - $ipv6 = null; - - if (is_array($ip) && count($ip) == 1) { - if (preg_match("/\d+\./", $ip[0])) { - $ipv4 = $ip[0]; - } - elseif (preg_match("/[a-f0-9]+/", $ip[0])) { - $ipv6 = $ip[0]; - } - } - elseif (is_array($ip) && count($ip) == 2) { - $ipv4 = $ip[0]; - $ipv6 = $ip[1]; + $this->db->save_IA_Control($ia_controls); } - if ($ipv4) { 
- $int = new interfaces(null, $tgt_id, $this->tag["interface_name$idx"], $ipv4, null, (isset($this->tag['host_name']) ? $this->tag['host_name'] : ""), (isset($this->tag['fqdn']) ? $this->tag['fqdn'] : ""), null); - if (isset($this->tag["mac$idx"])) { - $int->set_MAC($this->tag["mac$idx"]); - } - $this->db->save_Interface($int); + if (empty($this->vms)) { + $this->vms = new golddisk($this->groups[$this->group_id]['stig']->get_PDI_ID(), $this->vms_id, $this->groups[$this->group_id]['title']); + $this->db->save_GoldDisk($this->vms); + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts\cdf:fact tag + * + * @param array $attrs + */ + public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs) + { + $tmp = explode(":", $attrs['name']); + $this->tag_id = end($tmp); + if (isset($this->tag[$this->tag_id])) { + if ($this->tag_id == 'interface_name') { + $this->int_count ++; + } + $this->tag_id .= $this->int_count; + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts\cdf:fact character data + * + * @param string $data + */ + public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data) + { + $this->tag[$this->tag_id] = str_replace("\n", "", $data); + } + + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts end tag and store results + */ + public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end() + { + // error_log(print_r($this->tag, true)); + $host_name = $this->tag['host_name']; + if (preg_match("/\./", $host_name)) { + $host_name = preg_replace("/^([^\.]+)\./i", "$1", $host_name); } - if ($ipv6) { - $int = new interfaces(null, $tgt_id, $this->tag["interface_name$idx"], null, $ipv6, (isset($this->tag['host_name']) ? $this->tag['host_name'] : ""), (isset($this->tag['fqdn']) ? 
$this->tag['fqdn'] : ""), null); - if (isset($this->tag["mac$idx"])) { - $int->set_MAC($this->tag["mac$idx"]); - } - $this->db->save_Interface($int); - } - } - } - } + if (! ($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) { + $this->log->script_log("Creating new target with hostname $host_name", E_DEBUG); + $os = array(); + if (isset($this->tag['os_name']) && isset($this->tag['os_version']) && is_numeric($this->tag['os_version'])) { + $this->tag['os_name'] .= " {$this->tag['os_version']}"; + } - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:platform tag (stores CPE) - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs) { - if (isset($attrs['idref']) && substr($attrs['idref'], 0, 3) == 'cpe') { - $cpe = $attrs['idref']; + if (isset($this->tag['os_name'])) { + $os_regex = $this->db->get_Regex_Array("os"); + $os = software::identify_Software($os_regex, $this->tag['os_name']); + $os = $this->db->get_Software($os); + } - $sw = $this->db->get_Software($cpe); + $this->log->script_log("Identified OS " . print_r($os, true), E_DEBUG); - if (is_array($sw) && count($sw) && is_a($this->tgt, 'target')) { - $sw = $sw[0]; - if ($sw->is_OS() && $this->tgt->get_OS_ID() != $sw->get_ID()) { - $this->log->script_log("Update OS " . $sw->get_CPE()); - $this->tgt->set_OS_ID($sw->get_ID()); - $this->tgt->set_OS_String($sw->get_Shortened_SW_String()); - } - elseif (!$sw->is_OS() && !in_array($sw, $this->tgt->software)) { - $this->log->script_log("Assigning software " . $sw->get_CPE()); - $this->tgt->software[] = $sw; - } - } + if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) { + $os = $os[0]; + } else { + $os = $this->db->get_Software("cpe:/o:generic:generic:-")[0]; + } - $this->db->save_Target($this->tgt); - } - } + if (! 
is_a($os, 'software')) { + $this->log->script_log("Failed to identify the OS", E_ERROR); + } - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:rule-result tag - * - * @param array $attrs - */ - public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs) { - $stig = $this->db->get_Stig($attrs['version']); - $sv_rule = $this->db->get_SV_Rule(null, $attrs['idref']); + $tgt = new target($host_name); + $tgt->set_STE_ID($this->ste_id); + $tgt->set_Notes("New target found by SCC"); - $this->log->script_log("Version: {$attrs['version']}", E_DEBUG); - $this->log->script_log("STIG data: " . print_r($stig, true), E_DEBUG); + if (is_a($os, "software")) { + $this->log->script_log("Assigning OS {$os->get_CPE()}", E_DEBUG); - if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { - $stig = $stig[0]; - $this->group_id = $stig->get_PDI_ID(); - } - elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && !$this->group_id) { - $sv_rule = $sv_rule[0]; - $this->group_id = $sv_rule->get_PDI_ID(); - } - else { - $this->log->script_log("Cannot find PDI ID (" . $attrs['version'] . "/" . $attrs['idref'] . 
") CREATING", E_WARNING); + $tgt->set_OS_ID($os->get_ID()); + $tgt->set_OS_String($os->get_Shortened_SW_String()); + } - $this->group_id = null; - - return; - /* - $level = 1; - if ($attrs['severity'] == 'medium') { - $level = 2; - } - elseif ($attrs['severity'] == 'low') { - $level = 3; - } - $pdi = new pdi(null, $level, new DateTime); - $pdi_id = $this->db->save_PDI($pdi); - - $this->group_id = $pdi_id; - - if (!empty($attrs['version'])) { - $stig = new stig($pdi_id, $attrs['version'], null, null); - $this->db->add_Stig($stig); + $tgt_id = $this->db->save_Target($tgt); } - if (!empty($attrs['idref'])) { - $sv_rule = new sv_rule($pdi_id, $attrs['idref']); - $this->db->save_SV_Rule($sv_rule); + $this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0]; + + $int_keys = preg_grep("/interface_name/", array_keys($this->tag)); + $match = []; + foreach ($int_keys as $key) { + $idx = ''; + if (preg_match("/interface_name(\d+)/", $key, $match)) { + $idx = $match[1]; + } + + if (isset($this->tag["ipv4$idx"])) { + $ip = explode(",", $this->tag["ipv4$idx"]); + + $ipv4 = null; + $ipv6 = null; + + if (is_array($ip) && count($ip) == 1) { + if (preg_match("/\d+\./", $ip[0])) { + $ipv4 = $ip[0]; + } elseif (preg_match("/[a-f0-9]+/", $ip[0])) { + $ipv6 = $ip[0]; + } + } elseif (is_array($ip) && count($ip) == 2) { + $ipv4 = $ip[0]; + $ipv6 = $ip[1]; + } + + if ($ipv4) { + $int = new interfaces(null, $tgt_id, $this->tag["interface_name$idx"], $ipv4, null, (isset($this->tag['host_name']) ? $this->tag['host_name'] : ""), (isset($this->tag['fqdn']) ? $this->tag['fqdn'] : ""), null); + if (isset($this->tag["mac$idx"])) { + $int->set_MAC($this->tag["mac$idx"]); + } + $this->db->save_Interface($int); + } + + if ($ipv6) { + $int = new interfaces(null, $tgt_id, $this->tag["interface_name$idx"], null, $ipv6, (isset($this->tag['host_name']) ? $this->tag['host_name'] : ""), (isset($this->tag['fqdn']) ? 
$this->tag['fqdn'] : ""), null); + if (isset($this->tag["mac$idx"])) { + $int->set_MAC($this->tag["mac$idx"]); + } + $this->db->save_Interface($int); + } + } + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:platform tag (stores CPE) + * + * @param array $attrs + */ + public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs) + { + if (isset($attrs['idref']) && substr($attrs['idref'], 0, 3) == 'cpe') { + $cpe = $attrs['idref']; + + $sw = $this->db->get_Software($cpe); + + if (is_array($sw) && count($sw) && is_a($this->tgt, 'target')) { + $sw = $sw[0]; + if ($sw->is_OS() && $this->tgt->get_OS_ID() != $sw->get_ID()) { + $this->log->script_log("Update OS " . $sw->get_CPE()); + $this->tgt->set_OS_ID($sw->get_ID()); + $this->tgt->set_OS_String($sw->get_Shortened_SW_String()); + } elseif (! $sw->is_OS() && ! in_array($sw, $this->tgt->software)) { + $this->log->script_log("Assigning software " . $sw->get_CPE()); + $this->tgt->software[] = $sw; + } + } + + $this->db->save_Target($this->tgt); + } + } + + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:rule-result tag + * + * @param array $attrs + */ + public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs) + { + $stig = $this->db->get_Stig($attrs['version']); + $sv_rule = $this->db->get_SV_Rule(null, $attrs['idref']); + + $this->log->script_log("Version: {$attrs['version']}", E_DEBUG); + $this->log->script_log("STIG data: " . print_r($stig, true), E_DEBUG); + + if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { + $stig = $stig[0]; + $this->group_id = $stig->get_PDI_ID(); + } elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && ! $this->group_id) { + $sv_rule = $sv_rule[0]; + $this->group_id = $sv_rule->get_PDI_ID(); + } else { + $this->log->script_log("Cannot find PDI ID (" . $attrs['version'] . "/" . $attrs['idref'] . 
") CREATING", E_WARNING); + + $this->group_id = null; + + return; + /* + * $level = 1; + * if ($attrs['severity'] == 'medium') { + * $level = 2; + * } + * elseif ($attrs['severity'] == 'low') { + * $level = 3; + * } + * $pdi = new pdi(null, $level, new DateTime); + * $pdi_id = $this->db->save_PDI($pdi); + * + * $this->group_id = $pdi_id; + * + * if (!empty($attrs['version'])) { + * $stig = new stig($pdi_id, $attrs['version'], null, null); + * $this->db->add_Stig($stig); + * } + * + * if (!empty($attrs['idref'])) { + * $sv_rule = new sv_rule($pdi_id, $attrs['idref']); + * $this->db->save_SV_Rule($sv_rule); + * } + * + * return; + */ } - return; - */ - } - - if (empty($this->groups[$this->group_id]['sv_rule']) && is_a($sv_rule, "sv_rule")) { - $this->groups[$this->group_id]['sv_rule'] = $sv_rule; - } - - if (empty($this->groups[$this->group_id]['stig']) && is_a($stig, "stig")) { - $this->groups[$this->group_id]['stig'] = $stig; - } - - if (isset($attrs['severity'])) { - switch ($attrs['severity']) { - case 'low': - $this->groups[$this->group_id]['cat'] = 3; - break; - case 'high': - $this->groups[$this->group_id]['cat'] = 1; - break; - } - } - } - - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:rule-result\cdf:result character data - * - * @param string $data - */ - public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data) { - if (preg_match("/pass|true/i", $data)) { - $this->groups[$this->group_id]['status'] = "Not a Finding"; - } - elseif (preg_match("/fail|false/i", $data)) { - $this->groups[$this->group_id]['status'] = "Open"; - } - - $this->log->script_log("{$this->group_id} {$this->groups[$this->group_id]['status']}", E_DEBUG); - } - - /** - * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:rule-result\cdf:ident character data - * - * @param string $data - */ - public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data) { - - } - - /** - * Function to parse \cdf:Benchmark\cdf:TestResult end tag 
and store all results - */ - public function cdf_Benchmark_cdf_TestResult_end() { - $new_findings = []; - $update_findings = []; - foreach ($this->groups as $pdi_id => $group) { - if (!empty($group['val_id'])) { - $note = "(SCC) " . $group['val_id'] . "\nRequired: " . $group['value'] . "\nActual: " . $this->values[$group['val_id']]; - } - else { - $note = "(SCC) "; - } - - if (isset($group['stig']) && is_a($group['stig'], 'stig')) { - $ref = $group['stig']; - } - elseif (!empty($group['vms_id'])) { - $vms = $this->db->get_GoldDisk($group['vms_id']); - if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) { - $ref = $vms[0]; + if (empty($this->groups[$this->group_id]['sv_rule']) && is_a($sv_rule, "sv_rule")) { + $this->groups[$this->group_id]['sv_rule'] = $sv_rule; } - } - elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) { - $ref = $group['sv_rule']; - } - else { - $this->log->script_log("Error finding reference to search for PDI $pdi_id\n" . 
print_r($group, true), E_WARNING); - continue; - } - $existing_finding = $this->db->get_Finding($this->tgt, $ref); - if (is_array($existing_finding) && count($existing_finding) && isset($existing_finding[0])) { - $finding = $existing_finding[0]; + if (empty($this->groups[$this->group_id]['stig']) && is_a($stig, "stig")) { + $this->groups[$this->group_id]['stig'] = $stig; + } - $finding->set_Finding_Status_By_String( - $finding->get_Deconflicted_Status($group['status']) - ); - $finding->prepend_Notes($note); - - $update_findings[$finding->get_PDI_ID()] = $finding; - } - else { - $new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1); - } + if (isset($attrs['severity'])) { + switch ($attrs['severity']) { + case 'low': + $this->groups[$this->group_id]['cat'] = 3; + break; + case 'high': + $this->groups[$this->group_id]['cat'] = 1; + break; + } + } } - $this->db->add_Findings_By_Target($update_findings, $new_findings); + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:rule-result\cdf:result character data + * + * @param string $data + */ + public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data) + { + if (preg_match("/pass|true/i", $data)) { + $this->groups[$this->group_id]['status'] = "Not a Finding"; + } elseif (preg_match("/fail|false/i", $data)) { + $this->groups[$this->group_id]['status'] = "Open"; + } - $hl = new host_list(); - $hl->setTargetId($this->tgt->get_ID()); - $hl->setTargetName($this->tgt->get_Name()); - $hl->setFindingCount(count($new_findings) + count($update_findings)); - $hl->setScanError(false); + $this->log->script_log("{$this->group_id} {$this->groups[$this->group_id]['status']}", E_DEBUG); + } - $this->scan->add_Target_to_Host_List($hl); - } + /** + * Function to parse \cdf:Benchmark\cdf:TestResult\cdf:rule-result\cdf:ident character data + * + * @param string $data + */ + public function 
cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data) + {} + /** + * Function to parse \cdf:Benchmark\cdf:TestResult end tag and store all results + */ + public function cdf_Benchmark_cdf_TestResult_end() + { + $new_findings = []; + $update_findings = []; + $existing_findings = $this->db->get_Finding($this->tgt); + foreach ($this->groups as $pdi_id => $group) { + if (! empty($group['val_id'])) { + $note = "(SCC) " . $group['val_id'] . "\nRequired: " . $group['value'] . "\nActual: " . $this->values[$group['val_id']]; + } else { + $note = "(SCC) "; + } + + /* + if (isset($group['stig']) && is_a($group['stig'], 'stig')) { + $ref = $group['stig']; + } elseif (! empty($group['vms_id'])) { + $vms = $this->db->get_GoldDisk($group['vms_id']); + if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) { + $ref = $vms[0]; + } + } elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) { + $ref = $group['sv_rule']; + } else { + $this->log->script_log("Error finding reference to search for PDI $pdi_id\n" . print_r($group, true), E_WARNING); + continue; + } + */ + + if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) { + /** + * @var finding $finding + */ + $finding = $existing_findings[$pdi_id]; + + $finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status'])); + if(preg_match("/" . preg_quote($note, "/") . 
"/", $finding->get_Notes())) { + $finding->set_Notes($note); + } else { + $finding->prepend_Notes($note); + } + + $update_findings[$pdi_id] = $finding; + } else { + $new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1); + } + } + + $this->db->add_Findings_By_Target($update_findings, $new_findings); + + $hl = new host_list(); + $hl->setTargetId($this->tgt->get_ID()); + $hl->setTargetName($this->tgt->get_Name()); + $hl->setFindingCount(count($new_findings) + count($update_findings)); + $hl->setScanError(false); + + $this->db->update_Target_Counts($this->tgt->get_ID()); + + $this->scan->add_Target_to_Host_List($hl); + } } $xml = new scc_parser($conf['ste'], $cmd['f']); $xml->debug = (isset($cmd['debug']) ? true : false); $xml->parse(); -if (!$xml->debug) { - rename($cmd['f'], TMP . "/scc/" . $base_name); +if (! $xml->debug) { + rename($cmd['f'], TMP . "/scc/" . $base_name); } -$db->update_Running_Scan($base_name, ["name" => "perc_comp", "value" => 100, "complete" => 1]); +$db->update_Running_Scan($base_name, [ + "name" => "perc_comp", + "value" => 100, + "complete" => 1 +]); -function usage() { - print <<get_PDI_ID()] = $find; } } diff --git a/inc/helper.inc b/inc/helper.inc index 42419b0..6cbd4bc 100644 --- a/inc/helper.inc +++ b/inc/helper.inc @@ -831,7 +831,7 @@ function logify($fname) touch(LOG_PATH . "/{$fname}.log"); } - return LOG_PATH . "/{$fname}.log"; + return realpath(LOG_PATH . "/{$fname}.log"); } /** From c34d4eafd95bad763466c46e89d970d17039ce52 Mon Sep 17 00:00:00 2001 
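Review bot: The new `return realpath(LOG_PATH . "/{$fname}.log");` in logify() can hand callers `false` instead of a path, because realpath() fails when the file is missing or not reachable, for example if the `touch()` just above did not succeed. It also resolves any `..` segments or symlinks in `$fname` without confirming that the result is still inside the log directory; where `$fname` comes from is not visible here, so a containment check is worth adding if it can derive from an imported file name. Suggested: `$path = realpath(LOG_PATH . "/{$fname}.log");` followed by `if ($path === false || strpos($path, realpath(LOG_PATH) . DIRECTORY_SEPARATOR) !== 0) { /* reject or fall back to the unresolved path */ }`. The start of logify() is outside this hunk, so an earlier guard in the body may already cover part of this.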
From: Ryan Prather Date: Wed, 17 Oct 2018 22:28:29 -0400 Subject: [PATCH 08/52] Vendor updates --- inc/composer.json | 3 +- inc/composer.lock | 123 +++- inc/vendor/composer/ClassLoader.php | 2 +- inc/vendor/composer/autoload_namespaces.php | 1 + inc/vendor/composer/autoload_static.php | 11 + inc/vendor/composer/installed.json | 89 ++- inc/vendor/markbaker/complex/README.md | 1 + .../markbaker/complex/classes/Autoloader.php | 4 +- inc/vendor/markbaker/complex/composer.json | 14 + inc/vendor/openlss/lib-array2xml/.gitignore | 2 + inc/vendor/openlss/lib-array2xml/COPYING | 674 ++++++++++++++++++ .../openlss/lib-array2xml/COPYING LESSER | 165 +++++ .../openlss/lib-array2xml/LSS/Array2XML.php | 205 ++++++ .../openlss/lib-array2xml/LSS/XML2Array.php | 169 +++++ inc/vendor/openlss/lib-array2xml/README.md | 69 ++ .../openlss/lib-array2xml/composer.json | 33 + .../phpoffice/phpspreadsheet/CHANGELOG.md | 9 + .../phpoffice/phpspreadsheet/composer.json | 2 +- .../docs/topics/memory_saving.md | 2 +- .../src/PhpSpreadsheet/Helper/Sample.php | 2 +- .../src/PhpSpreadsheet/Reader/Xls.php | 2 +- .../src/PhpSpreadsheet/Reader/Xlsx.php | 2 +- .../src/PhpSpreadsheet/Shared/OLE.php | 2 +- .../src/PhpSpreadsheet/Style/NumberFormat.php | 3 + .../Worksheet/ColumnCellIterator.php | 6 +- .../Worksheet/ColumnIterator.php | 7 +- .../src/PhpSpreadsheet/Worksheet/Iterator.php | 4 +- .../Worksheet/RowCellIterator.php | 5 +- .../PhpSpreadsheet/Worksheet/RowIterator.php | 8 +- .../Worksheet/ColumnCellIteratorTest.php | 3 +- .../Worksheet/ColumnIteratorTest.php | 3 +- .../Worksheet/IteratorTest.php | 28 + .../Worksheet/RowCellIteratorTest.php | 3 +- .../Worksheet/RowIteratorTest.php | 3 +- .../tests/data/Style/NumberFormat.php | 20 + .../tests/data/Style/NumberFormatDates.php | 10 + inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT | 11 +- inc/vendor/tecnickcom/tcpdf/composer.json | 2 +- inc/vendor/tecnickcom/tcpdf/include/sRGB.icc | Bin 3048 -> 6922 bytes .../tecnickcom/tcpdf/include/tcpdf_fonts.php | 6 +- 
.../tecnickcom/tcpdf/include/tcpdf_static.php | 44 +- inc/vendor/tecnickcom/tcpdf/tcpdf.php | 220 +++--- 42 files changed, 1759 insertions(+), 213 deletions(-) create mode 100644 inc/vendor/openlss/lib-array2xml/.gitignore create mode 100644 inc/vendor/openlss/lib-array2xml/COPYING create mode 100644 inc/vendor/openlss/lib-array2xml/COPYING LESSER create mode 100644 inc/vendor/openlss/lib-array2xml/LSS/Array2XML.php create mode 100644 inc/vendor/openlss/lib-array2xml/LSS/XML2Array.php create mode 100644 inc/vendor/openlss/lib-array2xml/README.md create mode 100644 inc/vendor/openlss/lib-array2xml/composer.json create mode 100644 inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/IteratorTest.php diff --git a/inc/composer.json b/inc/composer.json index d474567..12393d7 100644 --- a/inc/composer.json +++ b/inc/composer.json @@ -4,7 +4,8 @@ "cocur/background-process" : "~0.7", "tecnickcom/tcpdf" : "~6.2", "pacificsec/cpe" : "1.0.1", - "monolog/monolog" : "~1.23" + "monolog/monolog" : "~1.23", + "openlss/lib-array2xml" : "~0.5" }, "require-dev" : { "phpunit/phpunit" : "~7.3" diff --git a/inc/composer.lock b/inc/composer.lock index 9bad4ec..63558d3 100644 --- a/inc/composer.lock +++ b/inc/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "8bf5f4a76098ff9277648c58793a04b5", + "content-hash": "0cb5c8b41ce699cfddd3ad1295045652", "packages": [ { "name": "cocur/background-process", 
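Review bot: The licence recorded for the new `"openlss/lib-array2xml" : "~0.5"` requirement does not obviously match what is vendored. The lock entry in this commit declares `Apache-2.0`, while the diffstat adds `COPYING` and `COPYING LESSER` under `inc/vendor/openlss/lib-array2xml`, file names normally used for GPL/LGPL texts. It is worth confirming which licence applies before shipping the vendored copy. Because the vendored tree is committed next to `composer.lock`, the commit message should also say that the copy was generated from the locked reference, so the committed files can be checked against it.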
@@ -46,16 +46,16 @@ }, { "name": "markbaker/complex", - "version": "1.4.6", + "version": "1.4.7", "source": { "type": "git", "url": "https://github.com/MarkBaker/PHPComplex.git", - "reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b" + "reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/a78d82ae4e682c3809fc3023d1b0ce654f6ab12b", - "reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b", + "url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/1ea674a8308baf547cbcbd30c5fcd6d301b7c000", + "reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000", "shasum": "" }, "require": { @@ -137,7 +137,7 @@ "complex", "mathematics" ], - "time": "2018-07-31T08:38:40+00:00" + "time": "2018-10-13T23:28:42+00:00" }, { "name": "monolog/monolog", 
@@ -217,6 +217,55 @@ ], "time": "2017-06-19T01:22:40+00:00" }, + { + "name": "openlss/lib-array2xml", + "version": "0.5.1", + "source": { + "type": "git", + "url": "https://github.com/nullivex/lib-array2xml.git", + "reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/nullivex/lib-array2xml/zipball/c8b5998a342d7861f2e921403f44e0a2f3ef2be0", + "reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0", + "shasum": "" + }, + "require": { + "php": ">=5.3.2" + }, + "type": "library", + "autoload": { + "psr-0": { + "LSS": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "authors": [ + { + "name": "Bryan Tong", + "email": "contact@nullivex.com", + "homepage": "http://bryantong.com" + }, + { + "name": "Tony Butler", + "email": "spudz76@gmail.com", + "homepage": "http://openlss.org" + } + ], + "description": "Array2XML conversion library credit to lalit.org", + "homepage": "http://openlss.org", + "keywords": [ + "array", + "array conversion", + "xml", + "xml conversion" + ], + "time": "2016-11-10T19:10:18+00:00" + }, { "name": "pacificsec/cpe", "version": "1.0.1", @@ -262,16 +311,16 @@ }, { "name": "phpoffice/phpspreadsheet", - "version": "1.4.0", + "version": "1.4.1", "source": { "type": "git", "url": "https://github.com/PHPOffice/PhpSpreadsheet.git", - "reference": "125f462a718956f37d81305ca0df4f17cef0f3b9" + "reference": "57404f43742a8164b5eac3ab03b962d8740885c1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/125f462a718956f37d81305ca0df4f17cef0f3b9", - "reference": "125f462a718956f37d81305ca0df4f17cef0f3b9", + "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/57404f43742a8164b5eac3ab03b962d8740885c1", + "reference": "57404f43742a8164b5eac3ab03b962d8740885c1", "shasum": "" }, "require": { 
@@ -304,7 +353,7 @@ "dompdf/dompdf": "Option for rendering PDF with PDF Writer", "jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers", "mpdf/mpdf": "Option for rendering PDF with PDF Writer", - "tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer" + "tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer" }, "type": "library", "autoload": { @@ -345,7 +394,7 @@ "xls", "xlsx" ], - "time": "2018-08-06T02:58:06+00:00" + "time": "2018-09-30T03:57:24+00:00" }, { "name": "psr/log", @@ -444,16 +493,16 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.2.22", + "version": "6.2.26", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2" + "reference": "367241059ca166e3a76490f4448c284e0a161f15" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/ac6e92fccc7d9383dfd787056831349621b1aca2", - "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/367241059ca166e3a76490f4448c284e0a161f15", + "reference": "367241059ca166e3a76490f4448c284e0a161f15", "shasum": "" }, "require": { @@ -502,7 +551,7 @@ "pdf417", "qrcode" ], - "time": "2018-09-14T15:26:29+00:00" + "time": "2018-10-16T17:24:05+00:00" } ], "packages-dev": [ 
@@ -927,16 +976,16 @@ }, { "name": "phpunit/php-code-coverage", - "version": "6.0.7", + "version": "6.1.0", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "865662550c384bc1db7e51d29aeda1c2c161d69a" + "reference": "0685fb6a43aed1b2e09804d1aaf17144c82861f8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/865662550c384bc1db7e51d29aeda1c2c161d69a", - "reference": "865662550c384bc1db7e51d29aeda1c2c161d69a", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/0685fb6a43aed1b2e09804d1aaf17144c82861f8", + "reference": "0685fb6a43aed1b2e09804d1aaf17144c82861f8", "shasum": "" }, "require": { @@ -960,7 +1009,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "6.0-dev" + "dev-master": "6.1-dev" } }, "autoload": { @@ -986,7 +1035,7 @@ "testing", "xunit" ], - "time": "2018-06-01T07:51:50+00:00" + "time": "2018-10-16T05:37:37+00:00" }, { "name": "phpunit/php-file-iterator", @@ -1179,16 +1228,16 @@ }, { "name": "phpunit/phpunit", - "version": "7.3.5", + "version": "7.4.0", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "7b331efabbb628c518c408fdfcaf571156775de2" + "reference": "f3837fa1e07758057ae06e8ddec6d06ba183f126" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/7b331efabbb628c518c408fdfcaf571156775de2", - "reference": "7b331efabbb628c518c408fdfcaf571156775de2", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f3837fa1e07758057ae06e8ddec6d06ba183f126", + "reference": "f3837fa1e07758057ae06e8ddec6d06ba183f126", "shasum": "" }, "require": { 
@@ -1213,7 +1262,7 @@ "sebastian/exporter": "^3.1", "sebastian/global-state": "^2.0", "sebastian/object-enumerator": "^3.0.3", - "sebastian/resource-operations": "^1.0", + "sebastian/resource-operations": "^2.0", "sebastian/version": "^2.0.1" }, "conflict": { @@ -1233,7 +1282,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "7.3-dev" + "dev-master": "7.4-dev" } }, "autoload": { @@ -1259,7 +1308,7 @@ "testing", "xunit" ], - "time": "2018-09-08T15:14:29+00:00" + "time": "2018-10-05T04:05:24+00:00" }, { "name": "sebastian/code-unit-reverse-lookup", @@ -1741,25 +1790,25 @@ }, { "name": "sebastian/resource-operations", - "version": "1.0.0", + "version": "2.0.1", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/resource-operations.git", - "reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52" + "reference": "4d7a795d35b889bf80a0cc04e08d77cedfa917a9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/ce990bb21759f94aeafd30209e8cfcdfa8bc3f52", - "reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52", + "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/4d7a795d35b889bf80a0cc04e08d77cedfa917a9", + "reference": "4d7a795d35b889bf80a0cc04e08d77cedfa917a9", "shasum": "" }, "require": { - "php": ">=5.6.0" + "php": "^7.1" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.0.x-dev" + "dev-master": "2.0-dev" } }, "autoload": { @@ -1779,7 +1828,7 @@ ], "description": "Provides a list of PHP built-in functions that operate on resources", "homepage": "https://www.github.com/sebastianbergmann/resource-operations", - "time": "2015-07-28T20:34:47+00:00" + "time": "2018-10-04T04:07:39+00:00" }, { "name": "sebastian/version", diff --git a/inc/vendor/composer/ClassLoader.php b/inc/vendor/composer/ClassLoader.php index dc02dfb..95f7e09 100644 --- a/inc/vendor/composer/ClassLoader.php +++ b/inc/vendor/composer/ClassLoader.php 
@@ -377,7 +377,7 @@ class ClassLoader $subPath = $class; while (false !== $lastPos = strrpos($subPath, '\\')) { $subPath = substr($subPath, 0, $lastPos); - $search = $subPath.'\\'; + $search = $subPath . '\\'; if (isset($this->prefixDirsPsr4[$search])) { $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1); foreach ($this->prefixDirsPsr4[$search] as $dir) { diff --git a/inc/vendor/composer/autoload_namespaces.php b/inc/vendor/composer/autoload_namespaces.php index b7fc012..6241144 100644 --- a/inc/vendor/composer/autoload_namespaces.php +++ b/inc/vendor/composer/autoload_namespaces.php @@ -6,4 +6,5 @@ $vendorDir = dirname(dirname(__FILE__)); $baseDir = dirname($vendorDir); return array( + 'LSS' => array($vendorDir . '/openlss/lib-array2xml'), ); diff --git a/inc/vendor/composer/autoload_static.php b/inc/vendor/composer/autoload_static.php index 81d1d20..cda27a5 100644 --- a/inc/vendor/composer/autoload_static.php +++ b/inc/vendor/composer/autoload_static.php @@ -101,6 +101,16 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72 ), ); + public static $prefixesPsr0 = array ( + 'L' => + array ( + 'LSS' => + array ( + 0 => __DIR__ . '/..' . '/openlss/lib-array2xml', + ), + ), + ); + public static $classMap = array ( 'Datamatrix' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/datamatrix.php', 'PDF417' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/pdf417.php', @@ -123,6 +133,7 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72 return \Closure::bind(function () use ($loader) { $loader->prefixLengthsPsr4 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixLengthsPsr4; $loader->prefixDirsPsr4 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixDirsPsr4; + $loader->prefixesPsr0 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixesPsr0; $loader->classMap = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$classMap; }, null, ClassLoader::class); 
diff --git a/inc/vendor/composer/installed.json b/inc/vendor/composer/installed.json index 79cc9ac..c512a47 100644 --- a/inc/vendor/composer/installed.json +++ b/inc/vendor/composer/installed.json @@ -41,17 +41,17 @@ }, { "name": "markbaker/complex", - "version": "1.4.6", - "version_normalized": "1.4.6.0", + "version": "1.4.7", + "version_normalized": "1.4.7.0", "source": { "type": "git", "url": "https://github.com/MarkBaker/PHPComplex.git", - "reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b" + "reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/a78d82ae4e682c3809fc3023d1b0ce654f6ab12b", - "reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b", + "url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/1ea674a8308baf547cbcbd30c5fcd6d301b7c000", + "reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000", "shasum": "" }, "require": { @@ -67,7 +67,7 @@ "sebastian/phpcpd": "2.*", "squizlabs/php_codesniffer": "^3.3.0" }, - "time": "2018-07-31T08:38:40+00:00", + "time": "2018-10-13T23:28:42+00:00", "type": "library", "installation-source": "dist", "autoload": { 
@@ -216,6 +216,57 @@ "psr-3" ] }, + { + "name": "openlss/lib-array2xml", + "version": "0.5.1", + "version_normalized": "0.5.1.0", + "source": { + "type": "git", + "url": "https://github.com/nullivex/lib-array2xml.git", + "reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/nullivex/lib-array2xml/zipball/c8b5998a342d7861f2e921403f44e0a2f3ef2be0", + "reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0", + "shasum": "" + }, + "require": { + "php": ">=5.3.2" + }, + "time": "2016-11-10T19:10:18+00:00", + "type": "library", + "installation-source": "dist", + "autoload": { + "psr-0": { + "LSS": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "authors": [ + { + "name": "Bryan Tong", + "email": "contact@nullivex.com", + "homepage": "http://bryantong.com" + }, + { + "name": "Tony Butler", + "email": "spudz76@gmail.com", + "homepage": "http://openlss.org" + } + ], + "description": "Array2XML conversion library credit to lalit.org", + "homepage": "http://openlss.org", + "keywords": [ + "array", + "array conversion", + "xml", + "xml conversion" + ] + }, { "name": "pacificsec/cpe", "version": "1.0.1", 
@@ -263,17 +314,17 @@ }, { "name": "phpoffice/phpspreadsheet", - "version": "1.4.0", - "version_normalized": "1.4.0.0", + "version": "1.4.1", + "version_normalized": "1.4.1.0", "source": { "type": "git", "url": "https://github.com/PHPOffice/PhpSpreadsheet.git", - "reference": "125f462a718956f37d81305ca0df4f17cef0f3b9" + "reference": "57404f43742a8164b5eac3ab03b962d8740885c1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/125f462a718956f37d81305ca0df4f17cef0f3b9", - "reference": "125f462a718956f37d81305ca0df4f17cef0f3b9", + "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/57404f43742a8164b5eac3ab03b962d8740885c1", + "reference": "57404f43742a8164b5eac3ab03b962d8740885c1", "shasum": "" }, "require": { @@ -306,9 +357,9 @@ "dompdf/dompdf": "Option for rendering PDF with PDF Writer", "jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers", "mpdf/mpdf": "Option for rendering PDF with PDF Writer", - "tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer" + "tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer" }, - "time": "2018-08-06T02:58:06+00:00", + "time": "2018-09-30T03:57:24+00:00", "type": "library", "installation-source": "source", "autoload": { 
@@ -451,23 +502,23 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.2.22", - "version_normalized": "6.2.22.0", + "version": "6.2.26", + "version_normalized": "6.2.26.0", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2" + "reference": "367241059ca166e3a76490f4448c284e0a161f15" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/ac6e92fccc7d9383dfd787056831349621b1aca2", - "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/367241059ca166e3a76490f4448c284e0a161f15", + "reference": "367241059ca166e3a76490f4448c284e0a161f15", "shasum": "" }, "require": { "php": ">=5.3.0" }, - "time": "2018-09-14T15:26:29+00:00", + "time": "2018-10-16T17:24:05+00:00", "type": "library", "installation-source": "dist", "autoload": { diff --git a/inc/vendor/markbaker/complex/README.md b/inc/vendor/markbaker/complex/README.md index 0e1133b..c306394 100644 --- a/inc/vendor/markbaker/complex/README.md +++ b/inc/vendor/markbaker/complex/README.md @@ -9,6 +9,7 @@ Master: [![Build Status](https://travis-ci.org/MarkBaker/PHPComplex.png?branch=m Develop: [![Build Status](https://travis-ci.org/MarkBaker/PHPComplex.png?branch=develop)](http://travis-ci.org/MarkBaker/PHPComplex) +[![Complex Numbers](https://imgs.xkcd.com/comics/complex_numbers_2x.png)](https://xkcd.com/2028/) --- diff --git a/inc/vendor/markbaker/complex/classes/Autoloader.php b/inc/vendor/markbaker/complex/classes/Autoloader.php index 9a8fcc1..e6e03ac 100644 --- a/inc/vendor/markbaker/complex/classes/Autoloader.php +++ b/inc/vendor/markbaker/complex/classes/Autoloader.php @@ -23,7 +23,7 @@ class Autoloader spl_autoload_register('__autoload'); } // Register ourselves with SPL - return spl_autoload_register(['Complex\Autoloader', 'Load']); + return spl_autoload_register(['Complex\\Autoloader', 'Load']); } 
@@ -41,7 +41,7 @@ class Autoloader $pClassFilePath = __DIR__ . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . - str_replace('Complex\\', '', $pClassName) . + str_replace(['Complex\\', '\\'], ['', '/'], $pClassName) . '.php'; if ((file_exists($pClassFilePath) === false) || (is_readable($pClassFilePath) === false)) { diff --git a/inc/vendor/markbaker/complex/composer.json b/inc/vendor/markbaker/complex/composer.json index cb05712..91e9e23 100644 --- a/inc/vendor/markbaker/complex/composer.json +++ b/inc/vendor/markbaker/complex/composer.json @@ -73,5 +73,19 @@ "classes/src/operations/divideinto.php" ] }, + "scripts": { + "style": [ + "phpcs --report-width=200 --report-summary --report-full classes/src/ --standard=PSR2 -n" + ], + "mess": [ + "phpmd classes/src/ xml codesize,unusedcode,design,naming -n" + ], + "lines": [ + "phploc classes/src/ -n" + ], + "cpd": [ + "phpcpd classes/src/ -n" + ] + }, "minimum-stability": "dev" } \ No newline at end of file diff --git a/inc/vendor/openlss/lib-array2xml/.gitignore b/inc/vendor/openlss/lib-array2xml/.gitignore new file mode 100644 index 0000000..de4a392 --- /dev/null +++ b/inc/vendor/openlss/lib-array2xml/.gitignore @@ -0,0 +1,2 @@ +/vendor +/composer.lock diff --git a/inc/vendor/openlss/lib-array2xml/COPYING b/inc/vendor/openlss/lib-array2xml/COPYING new file mode 100644 index 0000000..20d40b6 --- /dev/null +++ b/inc/vendor/openlss/lib-array2xml/COPYING 
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
\ No newline at end of file
diff --git a/inc/vendor/openlss/lib-array2xml/COPYING LESSER b/inc/vendor/openlss/lib-array2xml/COPYING LESSER
new file mode 100644
index 0000000..02bbb60
--- /dev/null
+++ b/inc/vendor/openlss/lib-array2xml/COPYING LESSER
@@ -0,0 +1,165 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+ a) under this License, provided that you make a good faith effort to
+ ensure that, in the event an Application does not supply the
+ function or data, the facility still operates, and performs
+ whatever part of its purpose remains meaningful, or
+
+ b) under the GNU GPL, with none of the additional permissions of
+ this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+ a) Give prominent notice with each copy of the object code that the
+ Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the object code with a copy of the GNU GPL and this license
+ document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+ a) Give prominent notice with each copy of the Combined Work that
+ the Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the Combined Work with a copy of the GNU GPL and this license
+ document.
+
+ c) For a Combined Work that displays copyright notices during
+ execution, include the copyright notice for the Library among
+ these notices, as well as a reference directing the user to the
+ copies of the GNU GPL and this license document.
+
+ d) Do one of the following:
+
+ 0) Convey the Minimal Corresponding Source under the terms of this
+ License, and the Corresponding Application Code in a form
+ suitable for, and under terms that permit, the user to
+ recombine or relink the Application with a modified version of
+ the Linked Version to produce a modified Combined Work, in the
+ manner specified by section 6 of the GNU GPL for conveying
+ Corresponding Source.
+
+ 1) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (a) uses at run time
+ a copy of the Library already present on the user's computer
+ system, and (b) will operate properly with a modified version
+ of the Library that is interface-compatible with the Linked
+ Version.
+
+ e) Provide Installation Information, but only if you would otherwise
+ be required to provide such information under section 6 of the
+ GNU GPL, and only to the extent that such information is
+ necessary to install and execute a modified version of the
+ Combined Work produced by recombining or relinking the
+ Application with a modified version of the Linked Version. (If
+ you use option 4d0, the Installation Information must accompany
+ the Minimal Corresponding Source and Corresponding Application
+ Code. If you use option 4d1, you must provide the Installation
+ Information in the manner specified by section 6 of the GNU GPL
+ for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+ a) Accompany the combined library with a copy of the same work based
+ on the Library, uncombined with any other library facilities,
+ conveyed under the terms of this License.
+
+ b) Give prominent notice with the combined library that part of it
+ is a work based on the Library, and explaining where to find the
+ accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
\ No newline at end of file
diff --git a/inc/vendor/openlss/lib-array2xml/LSS/Array2XML.php b/inc/vendor/openlss/lib-array2xml/LSS/Array2XML.php
new file mode 100644
index 0000000..581f313
--- /dev/null
+++ b/inc/vendor/openlss/lib-array2xml/LSS/Array2XML.php
@@ -0,0 +1,205 @@
+.
+ */
+namespace LSS;
+
+use \DomDocument;
+use \Exception;
+
+/**
+ * Array2XML: A class to convert array in PHP to XML
+ * It also takes into account attributes names unlike SimpleXML in PHP
+ * It returns the XML in form of DOMDocument class for further manipulation.
+ * It throws exception if the tag name or attribute name has illegal chars.
+ *
+ * Author : Lalit Patel
+ * Website: http://www.lalit.org/lab/convert-php-array-to-xml-with-attributes
+ * License: Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Version: 0.1 (10 July 2011)
+ * Version: 0.2 (16 August 2011)
+ * - replaced htmlentities() with htmlspecialchars() (Thanks to Liel Dulev)
+ * - fixed a edge case where root node has a false/null/0 value. (Thanks to Liel Dulev)
+ * Version: 0.3 (22 August 2011)
+ * - fixed tag sanitize regex which didn't allow tagnames with single character.
+ * Version: 0.4 (18 September 2011)
+ * - Added support for CDATA section using @cdata instead of @value.
+ * Version: 0.5 (07 December 2011)
+ * - Changed logic to check numeric array indices not starting from 0.
+ * Version: 0.6 (04 March 2012)
+ * - Code now doesn't @cdata to be placed in an empty array
+ * Version: 0.7 (24 March 2012)
+ * - Reverted to version 0.5
+ * Version: 0.8 (02 May 2012)
+ * - Removed htmlspecialchars() before adding to text node or attributes.
+ * Version: 0.11 (28 October 2015)
+ * - Fixed typos; Added support for plain insertion of XML trough @xml.
+ *
+ * Usage:
+ * $xml = Array2XML::createXML('root_node_name', $php_array);
+ * echo $xml->saveXML();
+ */
+class Array2XML {
+
+ /**
+ * @var DOMDocument
+ */
+ private static $xml = null;
+ private static $encoding = 'UTF-8';
+
+ /**
+ * Initialize the root XML node [optional]
+ * @param $version
+ * @param $encoding
+ * @param $format_output
+ */
+ public static function init($version = '1.0', $encoding = 'UTF-8', $format_output = true) {
+ self::$xml = new DomDocument($version, $encoding);
+ self::$xml->formatOutput = $format_output;
+ self::$encoding = $encoding;
+ }
+
+ /**
+ * Convert an Array to XML
+ * @param string $node_name - name of the root node to be converted
+ * @param array $arr - aray to be converterd
+ * @return DomDocument
+ */
+ public static function &createXML($node_name, $arr = array()) {
+ $xml = self::getXMLRoot();
+ $xml->appendChild(self::convert($node_name, $arr));
+
+ self::$xml = null; // clear the xml node in the class for 2nd time use.
+ return $xml;
+ }
+
+ /**
+ * Convert an Array to XML.
+ *
+ * @param string $node_name
+ * Name of the root node to be converted.
+ * @param array $arr
+ * Array to be converted.
+ *
+ * @throws \Exception
+ *
+ * @return \DOMNode
+ */
+ private static function &convert($node_name, $arr = array()) {
+
+ //print_arr($node_name);
+ $xml = self::getXMLRoot();
+ $node = $xml->createElement($node_name);
+
+ if (is_array($arr)) {
+ // get the attributes first.;
+ if (isset($arr['@attributes'])) {
+ foreach ($arr['@attributes'] as $key => $value) {
+ if (!self::isValidTagName($key)) {
+ throw new Exception('[Array2XML] Illegal character in attribute name. attribute: ' . $key . ' in node: ' . $node_name);
+ }
+ $node->setAttribute($key, self::bool2str($value));
+ }
+ unset($arr['@attributes']); //remove the key from the array once done.
+ }
+
+ // check if it has a value stored in @value, if yes store the value and return
+ // else check if its directly stored as string
+ if (isset($arr['@value'])) {
+ $node->appendChild($xml->createTextNode(self::bool2str($arr['@value'])));
+ unset($arr['@value']); //remove the key from the array once done.
+ //return from recursion, as a note with value cannot have child nodes.
+ return $node;
+ } else if (isset($arr['@cdata'])) {
+ $node->appendChild($xml->createCDATASection(self::bool2str($arr['@cdata'])));
+ unset($arr['@cdata']); //remove the key from the array once done.
+ //return from recursion, as a note with cdata cannot have child nodes.
+ return $node;
+ }
+ else if (isset($arr['@xml'])) {
+ $fragment = $xml->createDocumentFragment();
+ $fragment->appendXML($arr['@xml']);
+ $node->appendChild($fragment);
+ unset($arr['@xml']);
+ return $node;
+ }
+ }
+
+ //create subnodes using recursion
+ if (is_array($arr)) {
+ // recurse to get the node for that key
+ foreach ($arr as $key => $value) {
+ if (!self::isValidTagName($key)) {
+ throw new Exception('[Array2XML] Illegal character in tag name. tag: ' . $key . ' in node: ' . $node_name);
+ }
+ if (is_array($value) && is_numeric(key($value))) {
+ // MORE THAN ONE NODE OF ITS KIND;
+ // if the new array is numeric index, means it is array of nodes of the same kind
+ // it should follow the parent key name
+ foreach ($value as $k => $v) {
+ $node->appendChild(self::convert($key, $v));
+ }
+ } else {
+ // ONLY ONE NODE OF ITS KIND
+ $node->appendChild(self::convert($key, $value));
+ }
+ unset($arr[$key]); //remove the key from the array once done.
+ }
+ }
+
+ // after we are done with all the keys in the array (if it is one)
+ // we check if it has any text value, if yes, append it.
+ if (!is_array($arr)) {
+ $node->appendChild($xml->createTextNode(self::bool2str($arr)));
+ }
+
+ return $node;
+ }
+
+ /*
+ * Get the root XML node, if there isn't one, create it.
+ */
+ private static function getXMLRoot() {
+ if (empty(self::$xml)) {
+ self::init();
+ }
+ return self::$xml;
+ }
+
+ /*
+ * Get string representation of boolean value
+ */
+ private static function bool2str($v) {
+ //convert boolean to text value.
+ $v = $v === true ? 'true' : $v;
+ $v = $v === false ? 'false' : $v;
+ return $v;
+ }
+
+ /*
+ * Check if the tag name or attribute name contains illegal characters
+ * Ref: http://www.w3.org/TR/xml/#sec-common-syn
+ */
+ private static function isValidTagName($tag) {
+ $pattern = '/^[a-z_]+[a-z0-9\:\-\.\_]*[^:]*$/i';
+ return preg_match($pattern, $tag, $matches) && $matches[0] == $tag;
+ }
+}
+
diff --git a/inc/vendor/openlss/lib-array2xml/LSS/XML2Array.php b/inc/vendor/openlss/lib-array2xml/LSS/XML2Array.php
new file mode 100644
index 0000000..31ce04b
--- /dev/null
+++ b/inc/vendor/openlss/lib-array2xml/LSS/XML2Array.php
@@ -0,0 +1,169 @@ +. + */ +namespace LSS; +use \DOMDocument; +use \Exception; + +/** + * XML2Array: A class to convert XML to array in PHP + * It returns the array which can be converted back to XML using the Array2XML script + * It takes an XML string or a DOMDocument object as an input. + * + * See Array2XML: http://www.lalit.org/lab/convert-php-array-to-xml-with-attributes + * + * Author : Lalit Patel + * Website: http://www.lalit.org/lab/convert-xml-to-array-in-php-xml2array + * License: Apache License 2.0 + * http://www.apache.org/licenses/LICENSE-2.0 + * Version: 0.1 (07 Dec 2011) + * Version: 0.2 (04 Mar 2012) + * Fixed typo 'DomDocument' to 'DOMDocument' + * + * Usage: + * $array = XML2Array::createArray($xml); + */ + +class XML2Array { + + protected static $xml = null; + protected static $encoding = 'UTF-8'; + protected static $prefix_attributes = '@'; + + /** + * Initialize the root XML node [optional] + * @param $version + * @param $encoding + * @param $format_output + */ + public static function init($version = '1.0', $encoding = 'UTF-8', $format_output = true) { + self::$xml = new DOMDocument($version, $encoding); + self::$xml->formatOutput = $format_output; + self::$encoding = $encoding; + } + + /** + * Convert an XML to Array + * @param string $node_name - name of the root node to be converted + * @param int - Bitwise OR of the libxml option constants see @link http://php.net/manual/zh/libxml.constants.php + * @param array $arr - aray to be converterd + * @return DOMDocument + */ + public static function &createArray($input_xml, $options = 0) { + $xml = self::getXMLRoot(); + if(is_string($input_xml)) { + $parsed = $xml->loadXML($input_xml, $options); + if(!$parsed) { + throw new Exception('[XML2Array] Error parsing the XML string.'); + } + } else { + if(get_class($input_xml) != 'DOMDocument') { + throw new Exception('[XML2Array] The input XML object should be of type: DOMDocument.'); + } + $xml = self::$xml = $input_xml; + } + 
$array[$xml->documentElement->tagName] = self::convert($xml->documentElement); + self::$xml = null; // clear the xml node in the class for 2nd time use. + return $array; + } + + /** + * Convert an Array to XML + * @param mixed $node - XML as a string or as an object of DOMDocument + * @return mixed + */ + protected static function &convert($node) { + $output = array(); + + switch ($node->nodeType) { + case XML_CDATA_SECTION_NODE: + $output[static::$prefix_attributes.'cdata'] = trim($node->textContent); + break; + + case XML_TEXT_NODE: + $output = trim($node->textContent); + break; + + case XML_ELEMENT_NODE: + + // for each child node, call the covert function recursively + for ($i=0, $m=$node->childNodes->length; $i<$m; $i++) { + $child = $node->childNodes->item($i); + $v = self::convert($child); + if(isset($child->tagName)) { + $t = $child->tagName; + + // avoid fatal error if the content looks like 'You are being redirected.' + if(isset($output) && !is_array($output)) { + continue; + } + // assume more nodes of same kind are coming + if(!isset($output[$t])) { + $output[$t] = array(); + } + $output[$t][] = $v; + } else { + //check if it is not an empty text node + if($v !== '') { + $output = $v; + } + } + } + + if(is_array($output)) { + // if only one node of its kind, assign it directly instead if array($value); + foreach ($output as $t => $v) { + if(is_array($v) && count($v)==1) { + $output[$t] = $v[0]; + } + } + if(empty($output)) { + //for empty nodes + $output = ''; + } + } + + // loop through the attributes and collect them + if($node->attributes->length) { + $a = array(); + foreach($node->attributes as $attrName => $attrNode) { + $a[$attrName] = (string) $attrNode->value; + } + // if its an leaf node, store the value in @value instead of directly storing it. 
+ if(!is_array($output)) { + $output = array(static::$prefix_attributes.'value' => $output); + } + $output[static::$prefix_attributes.'attributes'] = $a; + } + break; + } + return $output; + } + + /* + * Get the root XML node, if there isn't one, create it. + */ + protected static function getXMLRoot(){ + if(empty(self::$xml)) { + self::init(); + } + return self::$xml; + } +} diff --git a/inc/vendor/openlss/lib-array2xml/README.md b/inc/vendor/openlss/lib-array2xml/README.md new file mode 100644 index 0000000..50b6293 --- /dev/null +++ b/inc/vendor/openlss/lib-array2xml/README.md @@ -0,0 +1,69 @@ +lib-array2xml +============= + +Array2XML conversion library credit to lalit.org + +Usage +---- +```php +//create XML +$xml = Array2XML::createXML('root_node_name', $php_array); +echo $xml->saveXML(); + +//create Array +$array = XML2Array::createArray($xml); +print_r($array); +``` + +Array2XML +---- + +@xml example: +```php +// Build the array that should be transformed into a XML object. +$array = [ + 'title' => 'A title', + 'body' => [ + '@xml' => '
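Review bot: `createArray()` passes the caller's `$options` straight into `DOMDocument::loadXML()`, so entity substitution and DTD loading for `$input_xml` depend entirely on what the call site supplies, and the docblock does not warn about it. Where the XML can come from outside the application, the parse should drop those flags and forbid network fetches, e.g. `$parsed = $xml->loadXML($input_xml, ($options & ~(LIBXML_NOENT | LIBXML_DTDLOAD)) | LIBXML_NONET);`. The object branch's `get_class($input_xml) != 'DOMDocument'` also turns away subclasses and misbehaves on a non-object argument; `!($input_xml instanceof DOMDocument)` handles both. As the file lives under `inc/vendor/`, the same masking can be applied at the project's own call sites if the library is left untouched.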

The content for the news item

', + ], +]; + +// Use the Array2XML object to transform it. +$xml = Array2XML::createXML('news', $array); +echo $xml->saveXML(); +``` +This will result in the following. +```xml + + + A title + + + +

The content for the news item

+ + + +
+``` + +Reference +---- +More complete references can be found here + http://www.lalit.org/lab/convert-xml-to-array-in-php-xml2array/ + http://www.lalit.org/lab/convert-php-array-to-xml-with-attributes/ + +## Changelog + +### 0.5.1 +* Fix fata error when the array passed is empty fixed by pull request #6 + +### 0.5.0 +* add second parameter to XML2Array::createArray for DOMDocument::load, e.g: LIBXML_NOCDATA +* change method visibility from private to protected for overloading +* Merge pull request #5 to add child xml +* Merge pull request #4 to change method visibility and add second parameter for load. + + +### 0.1.0 +* Initial Release diff --git a/inc/vendor/openlss/lib-array2xml/composer.json b/inc/vendor/openlss/lib-array2xml/composer.json new file mode 100644 index 0000000..0a514c9 --- /dev/null +++ b/inc/vendor/openlss/lib-array2xml/composer.json @@ -0,0 +1,33 @@ +{ + "name": "openlss/lib-array2xml" + ,"homepage": "http://openlss.org" + ,"description": "Array2XML conversion library credit to lalit.org" + ,"license": "Apache-2.0" + ,"type": "library" + ,"keywords": [ + "array" + ,"xml" + ,"xml conversion" + ,"array conversion" + ] + ,"authors": [ + { + "name": "Bryan Tong" + ,"email": "contact@nullivex.com" + ,"homepage": "http://bryantong.com" + } + ,{ + "name": "Tony Butler" + ,"email": "spudz76@gmail.com" + ,"homepage": "http://openlss.org" + } + ] + ,"require": { + "php": ">=5.3.2" + } + ,"autoload": { + "psr-0": { + "LSS": "" + } + } +} diff --git a/inc/vendor/phpoffice/phpspreadsheet/CHANGELOG.md b/inc/vendor/phpoffice/phpspreadsheet/CHANGELOG.md index 42e6fc2..3cd3e9a 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/CHANGELOG.md +++ b/inc/vendor/phpoffice/phpspreadsheet/CHANGELOG.md 
@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.4.1] - 2018-09-30 + +### Fixed + +- Remove locale from formatting string - [#644](https://github.com/PHPOffice/PhpSpreadsheet/pull/644) +- Allow iterators to go out of bounds with prev - [#587](https://github.com/PHPOffice/PhpSpreadsheet/issues/587) +- Fix warning when reading xlsx without styles - [#631](https://github.com/PHPOffice/PhpSpreadsheet/pull/631) +- Fix broken sample links on windows due to $baseDir having backslash - [#653](https://github.com/PHPOffice/PhpSpreadsheet/pull/653) + ## [1.4.0] - 2018-08-06 ### Added diff --git a/inc/vendor/phpoffice/phpspreadsheet/composer.json b/inc/vendor/phpoffice/phpspreadsheet/composer.json index 4a08707..ce228ad 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/composer.json +++ b/inc/vendor/phpoffice/phpspreadsheet/composer.json @@ -61,7 +61,7 @@ "suggest": { "mpdf/mpdf": "Option for rendering PDF with PDF Writer", "dompdf/dompdf": "Option for rendering PDF with PDF Writer", - "tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer", + "tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer", "jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers" }, "autoload": { diff --git a/inc/vendor/phpoffice/phpspreadsheet/docs/topics/memory_saving.md b/inc/vendor/phpoffice/phpspreadsheet/docs/topics/memory_saving.md index e6b744f..c7f9a0c 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/docs/topics/memory_saving.md +++ b/inc/vendor/phpoffice/phpspreadsheet/docs/topics/memory_saving.md 
@@ -43,7 +43,7 @@ usage of PhpSpreadsheet. ## Common use cases PhpSpreadsheet does not ship with alternative cache implementation. It is up to -you to select the most appropriate implementation for your environnement. You +you to select the most appropriate implementation for your environment. You can either implement [PSR-16](http://www.php-fig.org/psr/psr-16/) from scratch, or use [pre-existing libraries](https://packagist.org/search/?q=psr-16). diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Helper/Sample.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Helper/Sample.php index 54e0e29..e199c80 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Helper/Sample.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Helper/Sample.php @@ -82,7 +82,7 @@ class Sample $files = []; foreach ($regex as $file) { - $file = str_replace($baseDir . '/', '', $file[0]); + $file = str_replace(str_replace('\\', '/', $baseDir) . '/', '', str_replace('\\', '/', $file[0])); $info = pathinfo($file); $category = str_replace('_', ' ', $info['dirname']); $name = str_replace('_', ' ', preg_replace('/(|\.php)/', '', $info['filename'])); diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xls.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xls.php index 3416c35..e6803c7 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xls.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xls.php @@ -1127,7 +1127,7 @@ class Xls extends BaseReader // TODO: Why is there no BSE Index? Is this a new Office Version? Password protected field? // More likely : a uncompatible picture if (!$BSEindex) { - continue; + continue 2; } $BSECollection = $escherWorkbook->getDggContainer()->getBstoreContainer()->getBSECollection(); 
diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xlsx.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xlsx.php index c6e8512..a770985 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xlsx.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xlsx.php @@ -643,7 +643,7 @@ class Xlsx extends BaseReader $excel->addCellXf($objStyle); } - foreach ($xmlStyles->cellStyleXfs->xf as $xf) { + foreach (isset($xmlStyles->cellStyleXfs->xf) ? $xmlStyles->cellStyleXfs->xf : [] as $xf) { $numFmt = NumberFormat::FORMAT_GENERAL; if ($numFmts && $xf['numFmtId']) { $tmpNumFmt = self::getArrayItem($numFmts->xpath("sml:numFmt[@numFmtId=$xf[numFmtId]]")); diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Shared/OLE.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Shared/OLE.php index d78c079..2e9ec25 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Shared/OLE.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Shared/OLE.php @@ -320,7 +320,7 @@ class OLE break; default: - continue; + break; } fseek($fh, 1, SEEK_CUR); $pps->Type = $type; diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Style/NumberFormat.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Style/NumberFormat.php index 63ef20a..dc52a84 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Style/NumberFormat.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Style/NumberFormat.php @@ -691,6 +691,9 @@ class NumberFormat extends Supervisor // Strip # $format = preg_replace('/\\#/', '0', $format); + // Remove locale code [$-###] + $format = preg_replace('/\[\$\-.*\]/', '', $format); + $n = '/\\[[^\\]]+\\]/'; $m = preg_replace($n, '', $format); $number_regex = '/(0+)(\\.?)(0*)/'; 
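Review bot: The new locale-stripping pattern `'/\[\$\-.*\]/'` is greedy, so in a format with a later bracketed section (for example a colour or condition after the `;`) it removes everything from `[$-` up to the last `]`, not just the locale code. Bounding the match to one bracket group avoids that: `$format = preg_replace('/\[\$-[^\]]*\]/', '', $format);`. The test data added in this patch only covers formats with a single bracket group, so a case such as `[$-409]0.00;[Red]-0.00` (constructed) would be worth adding. The enclosing method starts and ends outside the hunk.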
diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnCellIterator.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnCellIterator.php index a4cdb6f..7e8f040 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnCellIterator.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnCellIterator.php @@ -153,10 +153,6 @@ class ColumnCellIterator extends CellIterator */ public function prev() { - if ($this->currentRow <= $this->startRow) { - throw new PhpSpreadsheetException("Row is already at the beginning of range ({$this->startRow} - {$this->endRow})"); - } - do { --$this->currentRow; } while (($this->onlyExistingCells) && @@ -171,7 +167,7 @@ class ColumnCellIterator extends CellIterator */ public function valid() { - return $this->currentRow <= $this->endRow; + return $this->currentRow <= $this->endRow && $this->currentRow >= $this->startRow; } /** diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnIterator.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnIterator.php index 6fdfe3b..d2b57aa 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnIterator.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/ColumnIterator.php @@ -157,14 +157,9 @@ class ColumnIterator implements \Iterator /** * Set the iterator to its previous value. - * - * @throws PhpSpreadsheetException */ public function prev() { - if ($this->currentColumnIndex <= $this->startColumnIndex) { - throw new PhpSpreadsheetException('Column is already at the beginning of range (' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ' - ' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ')'); - } --$this->currentColumnIndex; } 
@@ -175,6 +170,6 @@ class ColumnIterator implements \Iterator */ public function valid() { - return $this->currentColumnIndex <= $this->endColumnIndex; + return $this->currentColumnIndex <= $this->endColumnIndex && $this->currentColumnIndex >= $this->startColumnIndex; } } diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/Iterator.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/Iterator.php index 311808c..d8797a3 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/Iterator.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/Iterator.php @@ -25,7 +25,7 @@ class Iterator implements \Iterator * * @param Spreadsheet $subject */ - public function __construct(Spreadsheet $subject = null) + public function __construct(Spreadsheet $subject) { // Set subject $this->subject = $subject; @@ -82,6 +82,6 @@ class Iterator implements \Iterator */ public function valid() { - return $this->position < $this->subject->getSheetCount(); + return $this->position < $this->subject->getSheetCount() && $this->position >= 0; } } diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowCellIterator.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowCellIterator.php index 23d9b9f..59ef329 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowCellIterator.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowCellIterator.php 
@@ -155,9 +155,6 @@ class RowCellIterator extends CellIterator */ public function prev() { - if ($this->currentColumnIndex <= $this->startColumnIndex) { - throw new PhpSpreadsheetException('Column is already at the beginning of range (' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ' - ' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ')'); - } do { --$this->currentColumnIndex; } while (($this->onlyExistingCells) && (!$this->worksheet->cellExistsByColumnAndRow($this->currentColumnIndex, $this->rowIndex)) && ($this->currentColumnIndex >= $this->startColumnIndex)); @@ -170,7 +167,7 @@ class RowCellIterator extends CellIterator */ public function valid() { - return $this->currentColumnIndex <= $this->endColumnIndex; + return $this->currentColumnIndex <= $this->endColumnIndex && $this->currentColumnIndex >= $this->startColumnIndex; } /** diff --git a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowIterator.php b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowIterator.php index 70b7b8f..433cea6 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowIterator.php +++ b/inc/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Worksheet/RowIterator.php @@ -152,15 +152,9 @@ class RowIterator implements \Iterator /** * Set the iterator to its previous value. - * - * @throws PhpSpreadsheetException */ public function prev() { - if ($this->position <= $this->startRow) { - throw new PhpSpreadsheetException("Row is already at the beginning of range ({$this->startRow} - {$this->endRow})"); - } - --$this->position; } @@ -171,6 +165,6 @@ class RowIterator implements \Iterator */ public function valid() { - return $this->position <= $this->endRow; + return $this->position <= $this->endRow && $this->position >= $this->startRow; } } 
diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnCellIteratorTest.php b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnCellIteratorTest.php index 46880e2..3975674 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnCellIteratorTest.php +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnCellIteratorTest.php @@ -78,9 +78,8 @@ class ColumnCellIteratorTest extends TestCase public function testPrevOutOfRange() { - $this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class); - $iterator = new ColumnCellIterator($this->mockWorksheet, 'A', 2, 4); $iterator->prev(); + self::assertFalse($iterator->valid()); } } diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnIteratorTest.php b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnIteratorTest.php index 7285961..04c626d 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnIteratorTest.php +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/ColumnIteratorTest.php @@ -77,9 +77,8 @@ class ColumnIteratorTest extends TestCase public function testPrevOutOfRange() { - $this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class); - $iterator = new ColumnIterator($this->mockWorksheet, 'B', 'D'); $iterator->prev(); + self::assertFalse($iterator->valid()); } } diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/IteratorTest.php b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/IteratorTest.php new file mode 100644 index 0000000..80a2d78 --- /dev/null +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/IteratorTest.php 
@@ -0,0 +1,28 @@ +createSheet(); + $spreadsheet->createSheet(); + + $iterator = new Iterator($spreadsheet); + $columnIndexResult = 0; + self::assertEquals($columnIndexResult, $iterator->key()); + + foreach ($iterator as $key => $column) { + self::assertEquals($columnIndexResult++, $key); + self::assertInstanceOf(Worksheet::class, $column); + } + self::assertSame(3, $columnIndexResult); + } +} diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowCellIteratorTest.php b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowCellIteratorTest.php index 9346d0a..a10c7aa 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowCellIteratorTest.php +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowCellIteratorTest.php @@ -80,9 +80,8 @@ class RowCellIteratorTest extends TestCase public function testPrevOutOfRange() { - $this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class); - $iterator = new RowCellIterator($this->mockWorksheet, 2, 'B', 'D'); $iterator->prev(); + self::assertFalse($iterator->valid()); } } diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowIteratorTest.php b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowIteratorTest.php index 63e26b3..cb0b12d 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowIteratorTest.php +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/RowIteratorTest.php @@ -75,9 +75,8 @@ class RowIteratorTest extends TestCase public function testPrevOutOfRange() { - $this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class); - $iterator = new RowIterator($this->mockWorksheet, 2, 4); $iterator->prev(); + self::assertFalse($iterator->valid()); } } 
diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormat.php b/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormat.php index 196fa2c..a7584ee 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormat.php +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormat.php @@ -186,4 +186,24 @@ return [ -1234567.8899999999, '0000:00.00', ], + [ + '18.952', + 18.952, + '[$-409]General', + ], + [ + '9.98', + 9.98, + '[$-409]#,##0.00;-#,##0.00', + ], + [ + '18.952', + 18.952, + '[$-1010409]General', + ], + [ + '9.98', + 9.98, + '[$-1010409]#,##0.00;-#,##0.00', + ], ]; diff --git a/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormatDates.php b/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormatDates.php index 5b74fbe..be8dc96 100644 --- a/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormatDates.php +++ b/inc/vendor/phpoffice/phpspreadsheet/tests/data/Style/NumberFormatDates.php @@ -62,4 +62,14 @@ return [ 43270.603472222, 'hh:mm:ss\ AM/PM', ], + [ + '8/20/2018', + 43332, + '[$-409]m/d/yyyy', + ], + [ + '8/20/2018', + 43332, + '[$-1010409]m/d/yyyy', + ], ]; diff --git a/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT b/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT index fc0bb41..3bdae3e 100644 --- a/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT +++ b/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT @@ -1,4 +1,13 @@ -6.2.20 +6.2.25 + - Fix support for image URLs. + +6.2.24 + - Support remote urls when checking if file exists. + +6.2.23 + - Simplify file_exists function. + +6.2.22 - Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. 6.2.19 diff --git a/inc/vendor/tecnickcom/tcpdf/composer.json b/inc/vendor/tecnickcom/tcpdf/composer.json index df1e50d..1f19dfd 100644 --- a/inc/vendor/tecnickcom/tcpdf/composer.json +++ b/inc/vendor/tecnickcom/tcpdf/composer.json 
@@ -1,6 +1,6 @@ { "name": "tecnickcom/tcpdf", - "version": "6.2.22", + "version": "6.2.26", "homepage": "http://www.tcpdf.org/", "type": "library", "description": "TCPDF is a PHP class for generating PDF documents and barcodes.", diff --git a/inc/vendor/tecnickcom/tcpdf/include/sRGB.icc b/inc/vendor/tecnickcom/tcpdf/include/sRGB.icc index 71e33830223c4c05c61002462e13df02bb30ae02..1d8f7419c3bf2c6a3dd78f2c679fdefbda1776a3 100644 GIT binary patch delta 484 zcmZ{gKS;ws6vn@6QEP};N>QoH3B}2xleoAj)J0Kh2Njn#xu!~!#!JK&2MccEP^g0n zf*@{gf;x$VtCK}H=T0tyv+t6jI(Wm~kMDi={&j|rrt`q4RxxZZG6mRYs z9mRXT>jRM$;-sXq#1uoa7;;Uq74mW5$>-+Da|y(BD`4$LaWUY;gJPpBZ6K3+rVnYu zl~f?5ij9R$5CL)3CbxtmWWg6Er;e8sz%NISN1IS`tHJu?{{>o4Ov`@F2E((VQ?uJ$AL?HE`bqMm}!aOpkT1Y&ZsGi>i!Q??8SZSbPD_&Vlg~ f<=XT`jiv*fDmSWbU2a)re}eCNf|sNal{&N^xK(OJ delta 691 zcmYjPJ!lj`6n?vhB<`Ik_!Gh6rZ~h%R+0;xUSX3vk#xrz#n{d6&h0JPKXzwL0)mB# zVq=c8v5R7@g`$l`O0ls}1bDwJ&&3yP672rct}MS0#z75ecj)CVUg| zX=}idQ+2Yg?B^LLDJsK*;sHbXLV-sLM8ohY? zY*VdGw#O_^p_-NQuITgBlZ<>jp%!GyajOd6Ws{ak*{9y zD`t^nWyq&|wIo%J095AjQXiMG@Dae7-x%LWT!)dYV=S?;0(C?5MJxiW;gTy>-N3=Z z0^5~t7%(@W?#ueI;~sS!ln+6QH5?<_hS7TLIs?fT11aKwlL7bgE@QGx!dSYgKf{`{ pvu%K+Ki?!BD77xYo^M(9>o~x~eSn>NS@!>7mhE8amCpcM=`QZps%!uN diff --git a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php index 211a236..9242ca4 100644 --- a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php +++ b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php @@ -2003,7 +2003,11 @@ class TCPDF_FONTS { $chars = str_split($str); $carr = array_map('ord', $chars); } - $currentfont['subsetchars'] += array_fill_keys($carr, true); + if (is_array($currentfont['subsetchars']) && is_array($carr)) { + $currentfont['subsetchars'] += array_fill_keys($carr, true); + } else { + $currentfont['subsetchars'] = array_merge($currentfont['subsetchars'], $carr); + } return $carr; } 
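Review bot: The `else` branch runs exactly when `$currentfont['subsetchars']` or `$carr` is not an array, yet it passes both to `array_merge()`, which requires arrays, so the case the new guard detects still fails (a warning and `null` on PHP 7, a `TypeError` on PHP 8). It would also store character codes as values, whereas the `if` branch stores them as keys. Resetting the property first keeps one shape: `if (!is_array($currentfont['subsetchars'])) { $currentfont['subsetchars'] = array(); }` followed by the existing `+=` line. The function body starts outside the hunk, so how `subsetchars` becomes a non-array is not visible here.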
diff --git a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php index b010f7a..df1b28e 100644 --- a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php +++ b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php @@ -55,7 +55,7 @@ class TCPDF_STATIC { * Current TCPDF version. * @private static */ - private static $tcpdf_version = '6.2.22'; + private static $tcpdf_version = '6.2.26'; /** * String alias for total number of pages. @@ -1821,6 +1821,31 @@ class TCPDF_STATIC { return fopen($filename, $mode); } + /** + * Check if the URL exist. + * @param url (string) URL to check. + * @return Returns TRUE if the URL exists; FALSE otherwise. + * @public static + */ + public static function url_exists($url) { + $crs = curl_init(); + curl_setopt($crs, CURLOPT_URL, $url); + curl_setopt($crs, CURLOPT_NOBODY, true); + curl_setopt($crs, CURLOPT_FAILONERROR, true); + if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) { + curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true); + } + curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5); + curl_setopt($crs, CURLOPT_TIMEOUT, 30); + curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file'); + curl_exec($crs); + $code = curl_getinfo($crs, CURLINFO_HTTP_CODE); + curl_close($crs); + return ($code == 200); + } + /** * Wrapper for file_exists. * Checks whether a file or directory exists. 
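Review bot: `url_exists()` sets both `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `false`, so an HTTPS existence check accepts any certificate and its answer cannot be trusted on a hostile network path. Dropping those two `curl_setopt` calls restores curl's default verification. With `CURLOPT_FOLLOWLOCATION` enabled, the request should also be pinned to web schemes, `curl_setopt($crs, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and the same mask for `CURLOPT_REDIR_PROTOCOLS`. The function also calls `curl_init()` without checking that the curl extension is loaded.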
@@ -1830,20 +1855,11 @@ class TCPDF_STATIC { * @public static */ public static function file_exists($filename) { - if (strpos($filename, '://') > 0) { - $wrappers = stream_get_wrappers(); - foreach ($wrappers as $wrapper) { - if (($wrapper === 'http') || ($wrapper === 'https')) { - continue; - } - if (stripos($filename, $wrapper.'://') === 0) { - return false; - } - } + if (preg_match('|^https?://|', $filename) == 1) { + return self::url_exists($filename); } - if (!@file_exists($filename)) { - // try to encode spaces on filename - $filename = str_replace(' ', '%20', $filename); + if (strpos($filename, '://')) { + return false; // only support http and https wrappers for security reasons } return @file_exists($filename); } diff --git a/inc/vendor/tecnickcom/tcpdf/tcpdf.php b/inc/vendor/tecnickcom/tcpdf/tcpdf.php index b2c8ceb..24ef434 100644 --- a/inc/vendor/tecnickcom/tcpdf/tcpdf.php +++ b/inc/vendor/tecnickcom/tcpdf/tcpdf.php @@ -1,7 +1,7 @@ * @package com.tecnick.tcpdf * @author Nicola Asuni - * @version 6.2.22 + * @version 6.2.26 */ // TCPDF configuration @@ -128,7 +128,7 @@ require_once(dirname(__FILE__).'/include/tcpdf_static.php'); * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.
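Review bot: `file_exists()` now makes an outbound request through `url_exists()` for every name that starts with `http://` or `https://`, while its docblock (which begins before this hunk) still reads as a plain filesystem check. If callers pass names taken from document content (the `img` `src` handling in `tcpdf.php` further down is a likely source, though the call chain is not visible here), the server ends up contacting hosts chosen by that content, so the project should validate or allow-list such URLs before they reach TCPDF. A comment on the method such as `// http(s) names trigger an outbound request via url_exists(); do not pass untrusted URLs` would make that visible. `strpos($filename, '://')` is a truthiness test, so a name beginning with `://` falls through to the local check; `!== false` states the intent exactly.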
* @package com.tecnick.tcpdf * @brief PHP class for generating PDF documents without requiring external extensions. - * @version 6.2.22 + * @version 6.2.26 * @author Nicola Asuni - info@tecnick.com * @IgnoreAnnotation("protected") * @IgnoreAnnotation("public") @@ -5769,10 +5769,9 @@ class TCPDF { $this->resetLastH(); } if (!TCPDF_STATIC::empty_string($y)) { - $this->SetY($y); - } else { - $y = $this->GetY(); + $this->SetY($y); // set y in order to convert negative y values to positive ones } + $y = $this->GetY(); $resth = 0; if (($h > 0) AND $this->inPageBody() AND (($y + $h + $mc_margin['T'] + $mc_margin['B']) > $this->PageBreakTrigger)) { // spit cell in more pages/columns @@ -9648,7 +9647,7 @@ class TCPDF { protected function _putcatalog() { // put XMP $xmpobj = $this->_putXMP(); - // if required, add standard sRGB_IEC61966-2.1 blackscaled ICC colour profile + // if required, add standard sRGB ICC colour profile if ($this->pdfa_mode OR $this->force_srgb) { $iccobj = $this->_newobj(); $icc = file_get_contents(dirname(__FILE__).'/include/sRGB.icc'); 
@@ -18818,102 +18817,124 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: break; } case 'img': { - if (!empty($tag['attribute']['src'])) { - if ($tag['attribute']['src'][0] === '@') { - // data stream - $tag['attribute']['src'] = '@'.base64_decode(substr($tag['attribute']['src'], 1)); - $type = ''; - } else { - // get image type - $type = TCPDF_IMAGES::getImageFileType($tag['attribute']['src']); - } - if (!isset($tag['width'])) { - $tag['width'] = 0; - } - if (!isset($tag['height'])) { - $tag['height'] = 0; - } - //if (!isset($tag['attribute']['align'])) { - // the only alignment supported is "bottom" - // further development is required for other modes. - $tag['attribute']['align'] = 'bottom'; - //} - switch($tag['attribute']['align']) { - case 'top': { - $align = 'T'; - break; - } - case 'middle': { - $align = 'M'; - break; - } - case 'bottom': { - $align = 'B'; - break; - } - default: { - $align = 'B'; - break; - } - } - $prevy = $this->y; - $xpos = $this->x; - $imglink = ''; - if (isset($this->HREF['url']) AND !TCPDF_STATIC::empty_string($this->HREF['url'])) { - $imglink = $this->HREF['url']; - if ($imglink[0] == '#') { - // convert url to internal link - $lnkdata = explode(',', $imglink); - if (isset($lnkdata[0])) { - $page = intval(substr($lnkdata[0], 1)); - if (empty($page) OR ($page <= 0)) { - $page = $this->page; - } - if (isset($lnkdata[1]) AND (strlen($lnkdata[1]) > 0)) { - $lnky = floatval($lnkdata[1]); - } else { - $lnky = 0; - } - $imglink = $this->AddLink(); - $this->SetLink($imglink, $lnky, $page); + if (empty($tag['attribute']['src'])) { + break; + } + $imgsrc = $tag['attribute']['src']; + if ($imgsrc[0] === '@') { + // data stream + $imgsrc = '@'.base64_decode(substr($imgsrc, 1)); + $type = ''; + } else { + if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) { + // fix image path + $findroot = strpos($imgsrc, $_SERVER['DOCUMENT_ROOT']); + if (($findroot === 
false) OR ($findroot > 1)) { + if (substr($_SERVER['DOCUMENT_ROOT'], -1) == '/') { + $imgsrc = substr($_SERVER['DOCUMENT_ROOT'], 0, -1).$imgsrc; + } else { + $imgsrc = $_SERVER['DOCUMENT_ROOT'].$imgsrc; } } - } - $border = 0; - if (isset($tag['border']) AND !empty($tag['border'])) { - // currently only support 1 (frame) or a combination of 'LTRB' - $border = $tag['border']; - } - $iw = ''; - if (isset($tag['width'])) { - $iw = $this->getHTMLUnitToUnits($tag['width'], ($tag['fontsize'] / $this->k), 'px', false); - } - $ih = ''; - if (isset($tag['height'])) { - $ih = $this->getHTMLUnitToUnits($tag['height'], ($tag['fontsize'] / $this->k), 'px', false); - } - if (($type == 'eps') OR ($type == 'ai')) { - $this->ImageEps($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, $imglink, true, $align, '', $border, true); - } elseif ($type == 'svg') { - $this->ImageSVG($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, $imglink, $align, '', $border, true); - } else { - $this->Image($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, '', $imglink, $align, false, 300, '', false, false, $border, false, false, true); - } - switch($align) { - case 'T': { - $this->y = $prevy; - break; + $imgsrc = urldecode($imgsrc); + $testscrtype = @parse_url($imgsrc); + if (empty($testscrtype['query'])) { + // convert URL to server path + $imgsrc = str_replace(K_PATH_URL, K_PATH_MAIN, $imgsrc); + } elseif (preg_match('|^https?://|', $imgsrc) !== 1) { + // convert URL to server path + $imgsrc = str_replace(K_PATH_MAIN, K_PATH_URL, $imgsrc); } - case 'M': { - $this->y = (($this->img_rb_y + $prevy - ($this->getCellHeight($tag['fontsize'] / $this->k))) / 2); - break; - } - case 'B': { - $this->y = $this->img_rb_y - ($this->getCellHeight($tag['fontsize'] / $this->k) - ($this->getFontDescent($tag['fontname'], $tag['fontstyle'], $tag['fontsize']) * $this->cell_height_ratio)); - break; + } + // get image type + $type = TCPDF_IMAGES::getImageFileType($imgsrc); + } + if (!isset($tag['width'])) { + 
$tag['width'] = 0; + } + if (!isset($tag['height'])) { + $tag['height'] = 0; + } + //if (!isset($tag['attribute']['align'])) { + // the only alignment supported is "bottom" + // further development is required for other modes. + $tag['attribute']['align'] = 'bottom'; + //} + switch($tag['attribute']['align']) { + case 'top': { + $align = 'T'; + break; + } + case 'middle': { + $align = 'M'; + break; + } + case 'bottom': { + $align = 'B'; + break; + } + default: { + $align = 'B'; + break; + } + } + $prevy = $this->y; + $xpos = $this->x; + $imglink = ''; + if (isset($this->HREF['url']) AND !TCPDF_STATIC::empty_string($this->HREF['url'])) { + $imglink = $this->HREF['url']; + if ($imglink[0] == '#') { + // convert url to internal link + $lnkdata = explode(',', $imglink); + if (isset($lnkdata[0])) { + $page = intval(substr($lnkdata[0], 1)); + if (empty($page) OR ($page <= 0)) { + $page = $this->page; + } + if (isset($lnkdata[1]) AND (strlen($lnkdata[1]) > 0)) { + $lnky = floatval($lnkdata[1]); + } else { + $lnky = 0; + } + $imglink = $this->AddLink(); + $this->SetLink($imglink, $lnky, $page); } } } + $border = 0; + if (isset($tag['border']) AND !empty($tag['border'])) { + // currently only support 1 (frame) or a combination of 'LTRB' + $border = $tag['border']; + } + $iw = ''; + if (isset($tag['width'])) { + $iw = $this->getHTMLUnitToUnits($tag['width'], ($tag['fontsize'] / $this->k), 'px', false); + } + $ih = ''; + if (isset($tag['height'])) { + $ih = $this->getHTMLUnitToUnits($tag['height'], ($tag['fontsize'] / $this->k), 'px', false); + } + if (($type == 'eps') OR ($type == 'ai')) { + $this->ImageEps($imgsrc, $xpos, $this->y, $iw, $ih, $imglink, true, $align, '', $border, true); + } elseif ($type == 'svg') { + $this->ImageSVG($imgsrc, $xpos, $this->y, $iw, $ih, $imglink, $align, '', $border, true); + } else { + $this->Image($imgsrc, $xpos, $this->y, $iw, $ih, '', $imglink, $align, false, 300, '', false, false, $border, false, false, true); + } + switch($align) { + 
case 'T': { + $this->y = $prevy; + break; + } + case 'M': { + $this->y = (($this->img_rb_y + $prevy - ($this->getCellHeight($tag['fontsize'] / $this->k))) / 2); + break; + } + case 'B': { + $this->y = $this->img_rb_y - ($this->getCellHeight($tag['fontsize'] / $this->k) - ($this->getFontDescent($tag['fontname'], $tag['fontstyle'], $tag['fontsize']) * $this->cell_height_ratio)); + break; + } + } break; } case 'dl': { @@ -24207,9 +24228,12 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: } $img = urldecode($img); $testscrtype = @parse_url($img); - if (!isset($testscrtype['query']) OR empty($testscrtype['query'])) { + if (empty($testscrtype['query'])) { // convert URL to server path $img = str_replace(K_PATH_URL, K_PATH_MAIN, $img); + } elseif (preg_match('|^https?://|', $img) !== 1) { + // convert server path to URL + $img = str_replace(K_PATH_MAIN, K_PATH_URL, $img); } } // get image type From 17dbe134ccfafc3d6e455e0e62d095c7baa0e67d Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Fri, 19 Oct 2018 18:45:08 -0400 Subject: [PATCH 09/52] Database_Baseline.zip - Revisions for creating views and routines installer.php - Fix bug when update_db.php - Converted STIG download to identify the zip files from the a-z master list and download them individually instead of downloading the compilation zip file. Also integrated the sunset list into the same process so ALL STIGs are downloaded and imported at the same time --- Database_Baseline.zip | Bin 1193012 -> 1192408 bytes exec/installer.php | 4 +- exec/update_db.php | 190 +++++++++++++++++++----------------------- 3 files changed, 86 insertions(+), 108 deletions(-) 
diff --git a/Database_Baseline.zip b/Database_Baseline.zip index cf21074b30604b85126230bc1564f5a97ed23731..59a6c07e6483b3b70343e875b96434fa7ac192bf 100644 GIT binary patch delta 2400 zcmV-m37__~=t$V(NPvU^gaU*Egam{Iga(8Mgb0KQgbIWUgbaiYgbsucgb;)gv=UYV zf7Yf_O#s3`ka-9I0JJs$02KfL0CQnyVPk1@d0%pGb#!TNWpgfbacu1yS#Q%Y_?b!j z4}L&uD;31J1q@NzYy`Rll9uZw328c_rAcYh!G!qle7=)73F%ll7YXL$yKH}#?RuRC zDD{p#Kg`Y^?(ST>hK|ncS7S6=FP3QUf5!E_TL_K9G+Tuq(4Fh|uJ7IJqj|DIZ^HQQ zZPfj8|E_cQb`K*Gm(EZW>TB3~h*ufLGPb(2T*6W}|gBzn`ZwHS||g4dl>#nVhVKoud*yk>nY2;pa!#H!oe;I~EyxcEB z0T2hM?8K}{Hz`#CtdcAt5Uki&#fZRegE)+jDV(fISeU+Um&3>2B5={8$DD^gFb0l+ z8+!ypeg%wDpNdSlOHh^Z2QQ9;m0&Ges`<)pwO8U&wyaV+;v@@TMRgk)CRpQiJT7xA zLRNJ0KFW`kDcFH!9!UgXe~R_TAFz0|~^()PyGcD#Q@t2zY8Nd>m>k9gqA5 z#)x7^B}~~ur(px{0#@N<-U=+7FmLiP3h)*@O^HK;zag-~laLy5e>Dm~dIog}Ow+MW z!2~$-FrGmiXc10xf6&{Cs(BVt*;QTlKb{C(CpDs(DuAEF5`@%LpzLfJNFZEOG$PHy zV{QnfqC{~YJPzOo{)q!zAhgot0F~MbNT+~ux=1-;Tvq7LLd^an1Pdn%vxo|sZzzCg z$C;QGQWNwf08?-YLTV}yUJ6EumsQCq0I8J$=9C8QXKRYrf42xEBBl(O3L8lW7fRt< zw{fKI5=vZiu=B~*WHQSkykjI8vI1-Z!K_mb;d8v$6xr<+1ZRyBp&@P_TITd6&hLkV z2?*xndGd$~tddB$3-zkZQKP&F=yPD%$YAKj$Vp? 
zo+%iC3(*aLe`9r+4Q_UQ)VbE_BiTaM>_Vp~FFUTaogFL^*K4#-Oq?~y`H{41(meK2 zFF+zV^*RECd3hG&^I)0JJU%X6$5>1fTofL^nvhG3nBg;frpSaCG5h+Mg9j-^aiSzS zSub5O1B@h_3;|P=tbwxd?NDU2Ko1)xx-#XP(;+Yfe>uM1kJxfEh87-Ap(G}!&WTi$ zrIDZ*n`=hWMC3S$X0tFo0XnCg&gnVmkVS*T6*%~CNsSR>F0_`EFjw^ST|Th(OQEk{ zh#nNrv__f*cnau&u8l|Ce1I+c;e{8ky{J=e4!zTb(zr~b&_7d}KLoM=apA2_I-BM_ z$!hu0e~ULreJH}VvmeUkG6DJ<5}@CidbCTv%6Zl1*_oProg?~RCP0@7kdpuW{E$<#7z1m~jNy*-fesdlIv zyF0WUJ%LpVj+50Ha0bSjF~a;L_n#DIGO*xJOHt^`)CjU+u7^W6QOaZ;XFtyL^5EMz z(N%afWqDcs)le~wQBs&6Con^EYRJ%3Hc5gcWUTY;Ij?w*Ep6U*HiN&EvB~$Gx?t?SfQ1QtEY^3`HWBck)*j!q`|84;kLB@uQ(tS4VxYDHZ z1;8z6dX9R-wH+BCxvXorxbwZduH!o2v|fm%q@S?}pB&X6xjwz$|Bhf8IJvSclx@kk*ZE0RE8Cz!{q|7~J?bj%5aW z3S}^)^=}-_e2J65J!L?pj>@Q`1|4-rn9Q@!-YRghaWl70_$KUUBFyL;HA8rj=eFrd4rQzPNsiC&O;C!bbZG!TafIJX)}2C1eg5gAM_Oshm1K%ge>|;h z%9j4+bg3j-O`;@IDGDs-@mJhlUDQ4V^`$aGrJC_(Ih)uPZ0r;W*01pkgw>^MxO5Hw ziEG$sgSG{y0E2I`e*&-tQwOSwRc~_lrrei;VI0ETHC}zbKC%Uf{Asehfx|1Yr`WE} z4YnTXCPykF3e0BgTfII212p{UfAm<63PGY>vi&b!g7MX7bDY>hXVsgWnnyhhq4Z8jGd>+Ef>l0) zs(m0Ok<`ad6szeSRMlH2iq-H6NUSk=`#{V24O1_0002Ts$O~k delta 2991 zcmV;g3sCgf<4CmVNPvU^gaU*Egam{Iga(8Mgb0KQgbIWUgbaiYgbsucgb;)gv=UYV ze>9R!O-(Nh$<+z~0FPS$02KfL0CQnyVPk1@d0%pGb#!TNWpgfbacu1zYmbva@UxfP zf7lNuZIfy|-|-b|%PCr^_TlRbAf+dfmI}0bG5&XFAFwarX!WY6CAll?&SQ6Hc6OLq zc9r-jaZg+?NKfw{9$dMCUY?F#_tA7Ue_x`bYgdnMAk+(zG!8zZTUYN~J-X9IvnWPy zgT?KesQK;gZTt4k7Dgn<&!Qx~hvuirm+)#Bd2Wc{>ba@=(M|k&IVS>pWvh#zj{JD- z#|ZwCAX;3)4ZD8rN*J9S9vmKwj4^sV==bdIv(B*79UDU%itKLRG_3K%$B&DOfA5!~ z4UN&HKORv$y<9>Z^!uH$Ik4c)vWzai1-znShGunM8Y8qyXLm(96U%%(F`ykr_XTDw zJ-3lueNDtX9t;ihsb#+~-g9)JFsC7x>4ZQ9?3aU{0qEIn8|8%!YhZUK{A4aNp;Kz0v&vs=n8e^;BaKVL?%8=sgL)-$3RuGTxb^@koTb&p_Uo#@k|utig%9_NTU&*j^a;ixlDOA$t7S z`{c&1m-?}t01mBWI7L-}!$jE~8lAC0IE(yHXM{#ZA5;Jx9-t%q=md+@e-5TjJ1>wP zFrN4rM`XIfbIRQWmIC{@M-g1c;|iLQsj}P#+XTf3$fBINwmWtq#&?^9UIcG(-g<|(Uea;2S3%qEd6s4z2UzA81 zoTzxd_t^%-6k3!B73+DTDA6Y{2zDBzp-3@3$!rKOP}K$ZMm8Y1@mY!)9d$de?BPmsV=X^PRteDl1rZ$w3pd<2(6wC@f2)p2IAZK4t1wN<5izxQ=!DPX|MD{Osk! 
ziPbZXP0Q#V9?+ZNL+7ji(Ru8A{{-Re9}bRMf);is0RJ8_n8SmD=pN_^TurXA>~faN zBy_H3!9FSQeh6PbXcA3Y`CWEK;3_W<1@i049 z$F^``i(v3e!cgjT=JJd4B4um7+ zoaLNIu|00$J{4Kstj!L&VP;n!|A(ZS8(y6dX#%nFG8Iys(a0$LQ$|a9A+F)%*3SOy z&DMFFEma)cZmDLAWEH6XN_hw!0J_0J$de94f3g!&u0oyMdB!47UueFy2Y!H>#wbp0 zaHKV$ump#i?4TEYOT8*3JqoiR^de~wHY_|Vq5*JQ#q%UOP!?CnV+?xBa#rL?1(;D9 zj+!x%fpR~VyRjM@P6yv8PPIA0{&SO1$~1?C7NJF&E8l?ka5VI>x$vhAR>_-#h0WrU zf33145xpwB*{8$7PDv*z(+5)^rL zy{O$*@IGmJ(y?b@hurO`&bgvji-4w2Y){8V>zaFa5< zMi0ppX9awGIPH>`FLqHYK%6mZb#f54e_%6rO$19lws_;as~C&51mEV1cQGM{Ok#%5 z<}*bm#K^QScOP&kc~k5#iaxKF4jBPPk_|=o(6hs8vR~VTwql@3<;x^8#dJ9z+KO^ z!etZ&-lzMMNnCH~Lx#3G*>A?GRn%n2aD zcY2SvE;L(cXpARAYlI*#);v0bA$(#yHLb$~T8@q;$b9Gx>2_LFX;{BqqNT8!i(4!{N0t-8B%%?e|y8e7t=bVR1`W8 zy8obu+@e|f)s1}zPj0qC6TT7K=*%X4Wz^0m0e5PBI0^nbL2CYk9d~tK8aDf4ZodGZ z_X4cQRc|odahEfDRqrtW@=J`;w362s{(?h+`8e)k z)6VY-^q@9ZMtCS>e|%9w{q>Fe*`MP6mJe(9CVm$to`_{{<@Z+pKe6%~MZo?)`_8}B z-|}<(z12Q%s|^y+4D=?u$K)M<{5XTs&3pWS1MTZ&zK0BYex#XUGqb(rNY^tY88OGK z#=g;N1290tPXi`?cJ@NOXvV*|jVqIWt5tOJL_WX`Qft+Ze=ru0m6L#?z&|^NV=I2| z-oK0}zN&~$T=GrPd;{|Y-KOl3ANqsEkLXaB(a7$aFbD3Y)GNb z-Y-Jq;(V_TnEY^H>HJ_yw&=LwlJklgf^q~hKNVR9D?H)3^z3Jjq@UwVv8s-EE;`1U zVpSaQ%+EWP6i-EFE&%G`W466$z6|};pB^6k1h@DK5|AVgG?GnCO)m_|)d~Ork6V|P zFA_Bt$vD!DLSxhclL@?#L1WYblL@?#L1UNUFA^*QR1KF8FcM_~p%9mLFcLrl!4sFb lFcL)qvKp8FFcL-rSSOc9F%m=q9x9iOF%m@vy)6;|001#CnWg{$ diff --git a/exec/installer.php b/exec/installer.php index 5075dca..1391e4d 100644 --- a/exec/installer.php +++ b/exec/installer.php @@ -41,7 +41,7 @@ $db_step = [ 'cpe' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'cve' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN], - 'update-freq' => ['filter' => FILTER_VALIDATE_INT, 'flag' => FILTER_NULL_ON_FAILURE] + 'update-freq' => ['filter' => FILTER_VALIDATE_FLOAT, 'flag' => FILTER_NULL_ON_FAILURE] ]; $company_step = [ 'company' => $params, 
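Review bot: The changed `update-freq` line uses the key `'flag'`, but PHP filter definition arrays only recognise `filter`, `flags` and `options`, so `FILTER_NULL_ON_FAILURE` is presumably ignored and an invalid value comes back as `false` rather than `null`. Assuming `$db_step` is passed to `filter_input_array()` or `filter_var_array()` (the call is outside the hunk), the line should read `'update-freq' => ['filter' => FILTER_VALIDATE_FLOAT, 'flags' => FILTER_NULL_ON_FAILURE]`. Moving from an integer to a float filter also admits zero, negative and fractional frequencies, so a range check before the value is stored would be worth adding. The `$db_step` array starts above the hunk.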
@@ -194,7 +194,6 @@ function save_Database($params) unset($db); } - $successful = true; $zip = new ZipArchive(); $db = new mysqli(DB_SERVER, $params['root-uname'], $params['root-pwd'], 'mysql'); if ($db->connect_errno && $db->connect_errno == 1045) { @@ -361,7 +360,6 @@ EOO; if (preg_grep("/Access Denied/i", $output)) { $errors[] = $output; - $successful = false; } else { unlink($file); diff --git a/exec/update_db.php b/exec/update_db.php index e722171..3acedfd 100644 --- a/exec/update_db.php +++ b/exec/update_db.php 
@@ -601,12 +601,96 @@ if (isset($cmd['stig'])) { 'stig-progress' => 0, 'stig-count' => 0 ]); - $path = TMP . "/stigs"; + $path = TMP . "/stigs/zip"; check_path($path); + $stigUrlArray = []; + $tmp = []; + $tmp1 = []; + $tmp2 = []; + $tmp3 = []; $diff->resetClock(); print "Started STIG ingestion ({$diff->getStartClockTime()})" . PHP_EOL; + $url_1 = "https://iase.disa.mil/stigs/Pages/a-z.aspx"; + $url_2 = "https://iase.disa.mil"; + $sunset_url = "https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx"; + $regex = "/a href=\"([^ ]+zip\/U_[^ ]+STIG\.zip)[^\>]+\>([^\<]+)\<\/a\>/i"; + + if (!isset($cmd['po']) || isset($cmd['do'])) { + $log->debug("Checking url: $url_1"); + $pg_contents = file_get_contents($url_1); + + if(preg_match("/RefreshPageTo\(event, ([^\}]+\})/i", $pg_contents, $tmp)) { + $url_2 .= str_replace(["\u0026", '"'], ["&", ""], html_entity_decode($tmp[1])); + } + + $log->debug("Checking url: $url_2"); + $pg_contents2 = file_get_contents($url_2); + $log->debug("Checking url: $sunset_url"); + $sunset_contents = file_get_contents($sunset_url); + + $log->debug("Retrieving all matches"); + preg_match_all($regex, $pg_contents, $tmp1); + preg_match_all($regex, $pg_contents2, $tmp2); + preg_match_all($regex, $sunset_contents, $tmp3); + + $stigUrlArray = array_merge($tmp1[1], $tmp2[1], $tmp3[1]); + $log->debug("Match count: " . count($stigUrlArray)); + + print "Downloading " . count($stigUrlArray) . PHP_EOL; + if(is_array($stigUrlArray) && count($stigUrlArray)) { + foreach($stigUrlArray as $url) { + $stigFname = basename($url); + $log->debug("Downloading $stigFname"); + download_file($url, "{$path}/$stigFname"); + } + } + } + + if (!isset($cmd['do']) || isset($cmd['po'])) { + $stig_files = array_merge( + glob("{$path}/*.zip"), glob("{$path}/*.xml"), glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml") + ); + if (!count($stig_files)) { + die("Could not locate any XCCDF STIG libraries " . 
realpath(TMP)); + } + + $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . + " -c " . realpath(PHP_CONF) . + " -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" . + (isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") . + " --delete"; + + $log->debug("Script to run $script"); + passthru($script); + } + + $db->help->select_count("sagacity.stigs"); + $stig_count = $db->help->execute(); + + $db->set_Setting("stig-count", $stig_count); + + $diff->stopClock(); + + print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL . + "Total Time: {$diff->getDiffString()}" . PHP_EOL; + + sleep(3); +} + +if (is_a($diff->getTotalDiff(), 'DateInterval')) { + print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL; +} + +/** + * Function to download the latest STIG compilation library zip file for extraction and updating + */ +function getStigLibrary() +{ + global $current_date, $cmd, $log, $db; + $path = TMP; + $mon = '01'; $prev_mon = '10'; $year = (int) $current_date->format("Y"); 
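Review bot: Every link the regex extracts from the fetched pages is passed straight to `download_file()` in the `foreach ($stigUrlArray as $url)` loop, with no check that it is an https URL on an expected host. The three `file_get_contents()` results are also used without testing for `false`. Because the downloaded zips are then imported by `background_stigs.php`, I would skip anything off an allow-list, e.g. `if (parse_url($url, PHP_URL_SCHEME) !== 'https' || !in_array(parse_url($url, PHP_URL_HOST), $allowedHosts, true)) { continue; }`, and abort with a logged error when a page fetch fails. The same block interpolates `$cmd['exclude']` into the `passthru()` command inside double quotes; `" --exclude=" . escapeshellarg($cmd['exclude'])` is the safer form. The enclosing `if (isset($cmd['stig']))` block starts above the hunk.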
@@ -671,109 +755,6 @@ if (isset($cmd['stig'])) { } } } - - if (!isset($cmd['do']) || isset($cmd['po'])) { - $stig_files = array_merge( - glob("{$path}/*.zip"), glob("{$path}/*.xml"), glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml") - ); - if (!file_exists($stig_fname) && !count($stig_files)) { - die("Could not locate $stig_fname or find any other zip files in " . realpath(TMP)); - } - - $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . - " -c " . realpath(PHP_CONF) . - " -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" . - (isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") . - " --delete"; - - $log->debug("Script to run $script"); - passthru($script); - } - - $db->help->select_count("sagacity.stigs"); - $stig_count = $db->help->execute(); - - $db->set_Setting("stig-count", $stig_count); - - $diff->stopClock(); - - print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL . - "Total Time: {$diff->getDiffString()}" . PHP_EOL; - - sleep(3); -} - -/** - * Update Sunset STIG library from DISA content - */ -if (isset($cmd['sunset'])) { - $db->set_Setting_Array([ - 'stig-dl-progress' => 0, - 'stig-progress' => 0, - 'stig-count' => 0 - ]); - $path = TMP . "/stigs/zip"; - check_path($path); - $sunset_array = []; - - $diff->resetClock(); - print "Started Sunset STIG ingestion ({$diff->getStartClockTime()})" . 
PHP_EOL; - - $sunset_url="https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx"; - - if (ping("disa.mil") && !isset($cmd['po'])) { - $log->debug("Checking for $sunset_url"); - if ($found = url_exists($sunset_url)) { - $contents=file_get_contents($sunset_url); - } - - if (!$found) { - $log->debug("Unable to download $sunset_url, aborting Sunset"); - die("Unable to open $sunset_url, aborting Sunset"); - } - - preg_match_all("/a href=\"([^ ]+zip\/U_[^ ]+STIG\.zip)/", $contents, $sunset_array); - - foreach($sunset_array[1] as $url) { - $sunset_fname = basename($url); - download_file($url, "{$path}/$sunset_fname"); - } - } - - if (!isset($cmd['do']) || isset($cmd['po'])) { - $stig_files = array_merge( - glob("{$path}/*.zip"), glob("{$path}/*.xml"), - glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml") - ); - if (!count($stig_files)) { - die("Could not find any other zip files in " . realpath(TMP)); - } - - $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . - " -c " . realpath(PHP_CONF) . - " -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" . - (isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") . - " --delete"; - - $log->debug("Script to run $script"); - passthru($script); - } - - $db->help->select_count("sagacity.stigs"); - $stig_count = $db->help->execute(); - - $db->set_Setting("stig-count", $stig_count); - - $diff->stopClock(); - - print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL . - "Total Time: {$diff->getDiffString()}" . PHP_EOL; - - sleep(3); -} - -if (is_a($diff->getTotalDiff(), 'DateInterval')) { - print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL; } /** 
@@ -793,7 +774,6 @@ Usage: php update_db.php [--cpe] [--cve] [--nvd] [--nasl] [--stig] [-u={URL}] [- --nasl To download OpenVAS NVT library and update NASL files You can also extract *.nasl files from the Nessus library to $tmp/nessus_plugins and it will include these in the update --stig To download and update the STIG library - --sunset To download and update the STIG library with the STIGs DISA has archived --do To download the files only...do not call the parsers will overwrite any existing files --po To parse the downloaded files only, do not download From e995c0e78e36a9c735b72c01b40c94b2a9c5e118 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Tue, 23 Oct 2018 18:46:40 -0400 Subject: [PATCH 10/52] Fixed a couple typos --- .../Windows Data Collection/windows-data-collection.bat | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/exec/Target Host Tools/Windows/Windows Data Collection/windows-data-collection.bat b/exec/Target Host Tools/Windows/Windows Data Collection/windows-data-collection.bat index 4efd8a1..4851494 100644 --- a/exec/Target Host Tools/Windows/Windows Data Collection/windows-data-collection.bat +++ b/exec/Target Host Tools/Windows/Windows Data Collection/windows-data-collection.bat @@ -112,10 +112,10 @@ echo -- wmic /output:hotfixes.txt qfe list | tee.cmd %SUMMARYFILE% wmic qfe list > %OUTDIR%\hotfixes.txt echo. -echo * 2.021, Software Certificate Installation Files | tee.cmd %OUTDIR%\hotfixes.txt +echo * 2.021, Software Certificate Installation Files | tee.cmd %OUTDIR%\certificates.txt echo -- dir /s /b *.p12 *.pfs (C:\) | tee.cmd %SUMMARYFILE% cd C:\ -dir /s /b *.p12 *.pfs > %OUTDIR%\hotfixes.txt +dir /s /b *.p12 *.pfs > %OUTDIR%\certificates.txt cd %originaldir% echo. 
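Review bot: The `dir /s /b *.p12 *.pfs` line on the new side still searches for `*.pfs`, which looks like a typo for `*.pfx`, the usual extension for PKCS#12 certificate bundles. As written, the check would come back clean on a host that only holds `.pfx` files. I would change it to `dir /s /b *.p12 *.pfx > %OUTDIR%\certificates.txt` and update the matching `echo --` line. The header sent through `tee.cmd` to `certificates.txt` is then overwritten by the `>` redirect on the `dir` line, so `>>` is probably what was intended there.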
@@ -233,8 +233,8 @@ fciv.exe -both "%OUTFILE%" >> %CHECKSUMS% echo * Installed Software | tee.cmd %SUMMARYFILE% set OUTFILE=%OUTDIR%\installed-software.csv -echo -- wmic product /format:csv get name,version | tee.cmd %SUMMARYFILE% -wmic product get /format:csv name,version > %OUTFILE% +echo -- wmic product get name,version /format:csv | tee.cmd %SUMMARYFILE% +wmic product get name,version /format:csv > %OUTFILE% echo * Query the registry for values | tee.cmd %SUMMARYFILE% for /F "eol=; tokens=1,2 delims=," %%i in (reg-values-to-check.txt) do ( From d43775b26fd9e7dc02e06a7b5d10e22490a9519b Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Thu, 25 Oct 2018 11:32:48 -0400 Subject: [PATCH 11/52] Fix bug with host list import not working correctly. --- inc/helper.inc | 3 +++ ste/index.php | 60 +++++++++++++++++++++++++++++++------------------- upload.php | 3 +++ 3 files changed, 43 insertions(+), 23 deletions(-) diff --git a/inc/helper.inc b/inc/helper.inc index 6cbd4bc..e0c7aa0 100644 --- a/inc/helper.inc +++ b/inc/helper.inc @@ -242,6 +242,9 @@ function FileDetection($filename) if (preg_match('/Checklist:|Unclassified|Secret|STIG[_| ]ID/i', $line)) { $name['type'] = ECHECKLIST_CSV; } + elseif (preg_match("/host\-list/", $name['base_name'])) { + $name['type'] = HOST_LIST; + } elseif (preg_match('/^\"NetBIOSName|^\"JobName/', $line)) { $name['type'] = UNSUPPORTED_RETINA_CSV; } diff --git a/ste/index.php b/ste/index.php index fe8d330..44706a3 100644 --- a/ste/index.php +++ b/ste/index.php @@ -326,6 +326,10 @@ include_once 'header.inc'; #loading { display: none; } + .dz-image img { + width: 100%; + height: 100%; + }
@@ -559,39 +563,49 @@ include_once 'header.inc';
+
Click or Drop files here to upload
+ onsubmit="$('#submit').attr('disabled', true);return true;" id='host-list-form'> +
Must keep 'host-list' as part of the filename
' /> diff --git a/upload.php b/upload.php index bae90af..2688234 100644 --- a/upload.php +++ b/upload.php @@ -58,6 +58,9 @@ if ($fn) { case TECH_ECHECKLIST_EXCEL: print header(JSON) . json_encode(['imageUrl' => '/img/scan_types/echecklist.png']); break; + case HOST_LIST: + print header(JSON) . json_encode(['imageUrl' => '/img/file.png']); + break; default: print header(JSON) . json_encode(['imageUrl' => null]); unlink(TMP . "/" . basename($fn)); From 7f2f6a904634573e951bc4c807d388fb011a3686 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Thu, 25 Oct 2018 17:48:57 -0400 Subject: [PATCH 12/52] Fix for #60 Some formatting Die if installer.php fails to create password file Update target counts after importing eChecklist and CKL --- Dockerfile | 2 +- conf/my.ini | 3 +-- exec/installer.php | 4 +++- exec/parse_excel_echecklist.php | 7 +++++++ exec/parse_stig_viewer.php | 2 ++ exec/update_db.php | 6 ++++++ inc/database.inc | 2 +- setup.php | 11 +++++------ 8 files changed, 26 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index b395466..e6c1397 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM php:7.2.8-apache-stretch +FROM php:apache-stretch COPY conf/docker-php.ini /usr/local/etc/php/php.ini RUN apt update && apt -y install zlib1g-dev mysql-client RUN docker-php-ext-install mysqli zip diff --git a/conf/my.ini b/conf/my.ini index 5133c37..6360dc3 100644 --- a/conf/my.ini +++ b/conf/my.ini @@ -147,8 +147,7 @@ innodb_log_group_home_dir = "C:/xampp/mysql/data" #innodb_log_arch_dir = "C:/xampp/mysql/data" ## You can set .._buffer_pool_size up to 50 - 80 % ## of RAM but beware of setting memory usage too high -innodb_buffer_pool_size = 16M -innodb_additional_mem_pool_size = 2M +innodb_buffer_pool_size = 20M ## Set .._log_file_size to 25 % of buffer pool size innodb_log_file_size = 5M innodb_log_buffer_size = 8M diff --git a/exec/installer.php b/exec/installer.php index 1391e4d..bbf905d 100644 --- a/exec/installer.php +++ b/exec/installer.php 
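Review bot: Replacing `php:7.2.8-apache-stretch` with the floating `php:apache-stretch` tag means each build pulls whatever PHP release that tag points to at the time. The image is then no longer reproducible, and a major-version change can arrive without review. I would keep an explicit version in the tag and, for a stronger guarantee, pin the digest as well, e.g. `FROM php:<version>-apache-stretch@sha256:<digest>` (placeholders, to be filled from the registry). The `apt -y install` line below it is also unpinned, which is tolerable only if the image is rebuilt and scanned on a schedule.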
@@ -181,7 +181,9 @@ function save_Database($params) * CREATE DB PASSWORD FILE * --------------------------------- */ $enc_pwd = my_encrypt($params['web-pwd']); - file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd); + if(!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) { + die(json_encode(['error' => "Could not create the password file"])); + } if (isset($params['conf-root-pwd']) && $params['conf-root-pwd'] == $params['root-pwd']) { $db = new mysqli(DB_SERVER, $params['root-uname'], '', 'mysql'); diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php index 452335f..c9b3e03 100644 --- a/exec/parse_excel_echecklist.php +++ b/exec/parse_excel_echecklist.php @@ -347,6 +347,13 @@ $scan->isTerminated(); } } +/** + * @var host_list $h + */ +foreach($host_list as $h) { + $db->update_Target_Counts($h->getTargetId()); +} + unset($objSS); $db->update_Scan_Host_List($scan, $host_list); if (!isset($cmd['debug'])) { diff --git a/exec/parse_stig_viewer.php b/exec/parse_stig_viewer.php index f68d1bb..4145a18 100644 --- a/exec/parse_stig_viewer.php +++ b/exec/parse_stig_viewer.php @@ -296,6 +296,8 @@ foreach ($vulns as $vul) { $vuln_count++; } +$db->update_Target_Counts($tgt->get_ID()); + unset($xml); if (!isset($cmd['debug'])) { rename($cmd['f'], TMP . "/stig_viewer/$base_name"); diff --git a/exec/update_db.php b/exec/update_db.php index 3acedfd..44a8be5 100644 --- a/exec/update_db.php +++ b/exec/update_db.php @@ -601,6 +601,7 @@ if (isset($cmd['stig'])) { 'stig-progress' => 0, 'stig-count' => 0 ]); + check_path(TMP . "/stigs"); $path = TMP . "/stigs/zip"; check_path($path); $stigUrlArray = []; 
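Review bot: The password file written by `file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)` gets the process's default mode, and nothing in the hunk restricts it afterwards. Judging by the `DOC_ROOT` constant name it may also sit inside the web-served tree, which cannot be confirmed from here. I would add `chmod(DOC_ROOT . "/" . PWD_FILE, 0600);` right after the new guard (effective on POSIX hosts) and make sure the web server configuration denies requests for that file. `save_Database()` starts and ends outside the hunk.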
@@ -639,6 +640,11 @@ if (isset($cmd['stig'])) { $log->debug("Match count: " . count($stigUrlArray)); print "Downloading " . count($stigUrlArray) . PHP_EOL; + + $stigUrlArray = array_unique(array_map(function($url){return str_replace("http://", "https://", $url);}, $stigUrlArray); + sort($stigUrlArray); + $log->debug("stig array", $stigUrlArray); + if(is_array($stigUrlArray) && count($stigUrlArray)) { foreach($stigUrlArray as $url) { $stigFname = basename($url); diff --git a/inc/database.inc b/inc/database.inc index 0cc5e67..c9bb7d7 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -2713,7 +2713,7 @@ class db ] ]); $sw_rows = $this->help->execute(); - if (count($sw_rows)) { + if (is_array($sw_rows) && count($sw_rows)) { if (isset($sw_rows['sw_id'])) { $sw_rows = [0 => $sw_rows]; } diff --git a/setup.php b/setup.php index dcae3d1..0b27aa6 100644 --- a/setup.php +++ b/setup.php @@ -112,7 +112,7 @@ EOO; if (!class_exists('ZipArchive')) { print << +The PHP ZipArchive module is not installed or enabled.
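Review bot: The added `$stigUrlArray = array_unique(array_map(...` statement is missing a closing parenthesis: `array_map(` is closed but `array_unique(` is not, so `update_db.php` fails to parse and none of its update modes can run. The statement should end `}, $stigUrlArray));`. The `print "Downloading " . count($stigUrlArray)` line above it runs before de-duplication, so the reported count can exceed the number of files fetched; moving it below the `sort()` call fixes that. The enclosing `if (isset($cmd['stig']))` block starts and ends outside the hunk.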
Visit PHPInfo to double-check this.

EOO; $fail = true; @@ -127,7 +127,7 @@ EOO; } elseif (strtolower(substr(PHP_OS, 0, 3)) == 'win') { try { - $com = new COM("WScript.Shell"); + new COM("WScript.Shell"); } catch (Exception $e) { print << Date: Sat, 27 Oct 2018 12:20:33 -0400 Subject: [PATCH 13/52] Partial bug fix for #62 since new versions of SCC include extra characters in the VMS ID. --- exec/parse_scc_xccdf.php | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/exec/parse_scc_xccdf.php b/exec/parse_scc_xccdf.php index eea21f9..a2da39b 100644 --- a/exec/parse_scc_xccdf.php +++ b/exec/parse_scc_xccdf.php @@ -169,18 +169,26 @@ class scc_parser extends scan_xml_parser */ public function cdf_Benchmark_cdf_Group($attrs) { - $this->vms = $this->db->get_GoldDisk($attrs['id']); + $this->found_rule = false; + $match = []; + $this->vms_id = null; + $this->vms = null; + + if(preg_match("/(V\-[\d]+)/", $attrs['id'], $match)) { + $this->vms_id = $match[1]; + $this->group_id = $this->vms_id; + } + else { + return; + } + $this->vms = $this->db->get_GoldDisk($this->vms_id); if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) { - $this->group_id = $this->vms[0]->get_PDI_ID(); - } else { - $this->group_id = $attrs['id']; - $this->vms = null; + $this->vms = $this->vms[0]; + $this->group_id = $this->vms->get_PDI_ID(); } - $this->vms_id = $attrs['id']; - $this->groups[$this->group_id] = array(); - $this->found_rule = false; + $this->groups[$this->group_id] = []; } /** From 5d8711d494ecfdad0d60d800df5eb317f0e8af69 Mon Sep 17 00:00:00 2001 
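Review bot: When `get_GoldDisk()` returns a value that fails the `is_array(...) && ... is_a($this->vms[0], 'golddisk')` test, `$this->vms` now keeps that raw return value, whereas the removed `else` branch reset it to `null`. On the early `return` for an id without a `V-<number>` match, `$this->group_id` also still holds the previous group's id. Later handlers that read `$this->vms` or file results under `$this->group_id` (not visible in this hunk) could then attach data to the wrong group. I would add `else { $this->vms = null; }` after the lookup and set `$this->group_id = null;` with the other resets at the top of `cdf_Benchmark_cdf_Group()`.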
From: Ryan Prather Date: Mon, 29 Oct 2018 13:19:31 -0400 Subject: [PATCH 14/52] Fix bug #49 Revert update_db.php to download compilation STIG library instead of individual as links are inconsistent (#60, #64, #61 Add scape_webpage method to helper.inc for future efforts Fixed typo in uninstall.bat --- exec/export-ckl.php | 18 ++++---- exec/update_db.php | 109 ++++++++++++++++++++++++++++++-------------- inc/helper.inc | 26 +++++++++++ uninstall.bat | 2 +- 4 files changed, 111 insertions(+), 44 deletions(-) diff --git a/exec/export-ckl.php b/exec/export-ckl.php index 9a56d9a..01b1fac 100644 --- a/exec/export-ckl.php +++ b/exec/export-ckl.php @@ -73,8 +73,6 @@ $xml = new Array2XML(); $xml->standalone = true; $xml->formatOutput = true; -$chk_comp_count = 0; -$tgt_comp_count = 0; $total_chk_count = 0; $total_stigs = 0; @@ -85,7 +83,6 @@ if ($tgt_count = count($tgts)) { $host_ip = (is_array($tgt->interfaces) && count($tgt->interfaces) ? current($tgt->interfaces)->get_IPv4() : null); $host_fqdn = (is_array($tgt->interfaces) && count($tgt->interfaces) ? current($tgt->interfaces)->get_FQDN() : null); $host_mac = (is_array($tgt->interfaces) && count($tgt->interfaces) ? current($tgt->interfaces)->get_MAC() : null); - //$host_mac = (count($tgt->interfaces) ? current($tgt->interfaces)->get_Mac() : null); print "Target: {$tgt->get_Name()}" . PHP_EOL; @@ -122,11 +119,11 @@ if ($tgt_count = count($tgts)) { $arr = [ '@comment' => "CyberPerspectives Sagacity v" . VER, 'ASSET' => [ + 'ROLE' => 'None', 'ASSET_TYPE' => 'Computing', 'HOST_NAME' => $tgt->get_Name(), 'HOST_IP' => $host_ip, 'HOST_MAC' => $host_mac, - 'HOST_GUID' => '', 'HOST_FQDN' => $host_fqdn, 'TECH_AREA' => '', 'TARGET_KEY' => '', @@ -220,7 +217,7 @@ if ($tgt_count = count($tgts)) { } // decoding because check contents are already encoded - $cc = str_replace("\\n", "
", htmlentities(html_entity_decode($pdi['check_contents']))); + //$cc = str_replace("\\n", "\n", htmlentities(html_entity_decode($pdi['check_contents']))); $stig_data = array_merge([ [ @@ -257,11 +254,11 @@ if ($tgt_count = count($tgts)) { ], [ 'VULN_ATTRIBUTE' => 'Check_Content', - 'ATTRIBUTE_DATA' => $cc + 'ATTRIBUTE_DATA' => htmlentities(str_replace("\\n", "\n", html_entity_decode(html_entity_decode($pdi['check_contents'])))) ], [ 'VULN_ATTRIBUTE' => 'Fix_Text', - 'ATTRIBUTE_DATA' => htmlentities($pdi['fix_text']) + 'ATTRIBUTE_DATA' => htmlentities(str_replace("\\n", "\n", html_entity_decode(html_entity_decode($pdi['fix_text'])))) ], [ 'VULN_ATTRIBUTE' => 'False_Positives', @@ -301,7 +298,11 @@ if ($tgt_count = count($tgts)) { ], [ 'VULN_ATTRIBUTE' => 'Check_Content_Ref', - 'ATTRIBUTE_DATA' => '' + 'ATTRIBUTE_DATA' => 'M' + ], + [ + 'VULN_ATTRIBUTE' => 'Weight', + 'ATTRIBUTE_DATA' => '10.0' ], [ 'VULN_ATTRIBUTE' => 'Class', @@ -321,6 +322,7 @@ if ($tgt_count = count($tgts)) { $notes = ''; if (is_a($find, 'finding')) { + /** @var finding $find */ $status = $status_map[$find->get_Finding_Status_String()]; $notes = $find->get_Notes(); } diff --git a/exec/update_db.php b/exec/update_db.php index 44a8be5..0d7f329 100644 --- a/exec/update_db.php +++ b/exec/update_db.php @@ -461,6 +461,7 @@ if (isset($cmd['nasl'])) { 'nasl-count' => 0 ]); $count = 0; + check_path(TMP . "/nessus_plugins"); // Capture start time for performance monitoring $diff->resetClock(); 
@@ -601,55 +602,93 @@ if (isset($cmd['stig'])) { 'stig-progress' => 0, 'stig-count' => 0 ]); + $path = TMP . "/stigs"; check_path(TMP . "/stigs"); - $path = TMP . "/stigs/zip"; - check_path($path); - $stigUrlArray = []; - $tmp = []; - $tmp1 = []; - $tmp2 = []; - $tmp3 = []; + check_path(TMP . "/stigs/zip"); + $sunset_array = []; $diff->resetClock(); print "Started STIG ingestion ({$diff->getStartClockTime()})" . PHP_EOL; - $url_1 = "https://iase.disa.mil/stigs/Pages/a-z.aspx"; - $url_2 = "https://iase.disa.mil"; - $sunset_url = "https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx"; - $regex = "/a href=\"([^ ]+zip\/U_[^ ]+STIG\.zip)[^\>]+\>([^\<]+)\<\/a\>/i"; + $mon = '01'; + $prev_mon = '10'; + $year = (int) $current_date->format("Y"); - if (!isset($cmd['po']) || isset($cmd['do'])) { - $log->debug("Checking url: $url_1"); - $pg_contents = file_get_contents($url_1); + if (between($current_date->format("n"), 4, 6)) { + $mon = '04'; + $prev_mon = '01'; + } + elseif (between($current_date->format("n"), 7, 9)) { + $mon = '07'; + $prev_mon = '04'; + } + elseif (between($current_date->format("n"), 10, 12)) { + $mon = '10'; + $prev_mon = '07'; + } - if(preg_match("/RefreshPageTo\(event, ([^\}]+\})/i", $pg_contents, $tmp)) { - $url_2 .= str_replace(["\u0026", '"'], ["&", ""], html_entity_decode($tmp[1])); + $current_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}.zip"; + $current_v2_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}_v2.zip"; + $sunset_url = "https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx"; + $stig_fname = "{$path}/stig_library-{$year}_{$mon}.zip"; + + if (!file_exists($stig_fname) && ping("disa.mil") && !isset($cmd['po'])) { + if (isset($cmd['u'])) { + $url = $cmd['u']; + $log->debug("Checking for $url"); + + if (url_exists($url)) { + download_file($url, $stig_fname, $db->help, 'stig-dl-progress'); + } } + else { + 
$log->debug("Checking for $current_url"); - $log->debug("Checking url: $url_2"); - $pg_contents2 = file_get_contents($url_2); - $log->debug("Checking url: $sunset_url"); - $sunset_contents = file_get_contents($sunset_url); + if ($found = url_exists($current_url)) { + download_file($current_url, $stig_fname, $db->help, 'stig-dl-progress'); + } + if (!$found) { + $log->debug("Checking for $current_v2_url"); - $log->debug("Retrieving all matches"); - preg_match_all($regex, $pg_contents, $tmp1); - preg_match_all($regex, $pg_contents2, $tmp2); - preg_match_all($regex, $sunset_contents, $tmp3); + if ($found = url_exists($current_v2_url)) { + download_file($current_v2_url, $stig_fname, $db->help, 'stig-dl-progress'); + } + } + if ($mon == '01') { + $year--; + } - $stigUrlArray = array_merge($tmp1[1], $tmp2[1], $tmp3[1]); - $log->debug("Match count: " . count($stigUrlArray)); + $prev_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$prev_mon}.zip"; + $prev_v2_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$prev_mon}_v2.zip"; - print "Downloading " . count($stigUrlArray) . 
PHP_EOL; + if (!$found) { + $log->debug("Checking for $prev_url"); + if ($found = url_exists($prev_url)) { + download_file($prev_url, $stig_fname, $db->help, 'stig-dl-progress'); + } + } + if (!$found) { + $log->debug("Checking for $prev_v2_url"); + if (url_exists($prev_v2_url)) { + download_file($prev_v2_url, $stig_fname, $db->help, 'stig-dl-progress'); + } + } + } + } - $stigUrlArray = array_unique(array_map(function($url){return str_replace("http://", "https://", $url);}, $stigUrlArray); - sort($stigUrlArray); - $log->debug("stig array", $stigUrlArray); + if(ping("disa.mil") && !isset($cmd['po'])) { + $log->debug("Checking for $sunset_url"); - if(is_array($stigUrlArray) && count($stigUrlArray)) { - foreach($stigUrlArray as $url) { - $stigFname = basename($url); - $log->debug("Downloading $stigFname"); - download_file($url, "{$path}/$stigFname"); + if(url_exists($sunset_url)) { + $log->debug("Downloading sunset STIGs"); + $contents = file_get_contents($sunset_url); + preg_match_all("/a href=\"([^ ]+STIG\.zip)/", $contents, $sunset_array); + + if(is_array($sunset_array) && isset($sunset_array[1]) && count($sunset_array[1])) { + foreach($sunset_array[1] as $url) { + $sunset_fname = basename($url); + download_file($url, TMP . "/stigs/zip/{$sunset_fname}"); + } } } } diff --git a/inc/helper.inc b/inc/helper.inc index e0c7aa0..857dce2 100644 --- a/inc/helper.inc +++ b/inc/helper.inc 
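Review bot: The sunset loop passes every href matched on the scraped page straight to `download_file()`, and this commit drops the `http://` to `https://` rewrite that the removed code applied to scraped links, so a relative or plain-http link is now used unchecked. The `$cmd['u']` override is likewise downloaded into `$stig_fname` with no scheme or host check. I would skip anything that is not an https URL on the expected host before downloading, for example `if (parse_url($url, PHP_URL_SCHEME) !== 'https') { continue; }`, and confirm the archive opens as a zip (and matches a published checksum, if one exists) before it is ingested. `url_exists()`, `ping()` and `download_file()` are defined outside the hunk, and the enclosing `if (isset($cmd['stig']))` block continues past it.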
@@ -855,3 +855,29 @@ function convert_log_level() return Logger::ERROR; } } + +/** + * Helper method to scrape a web page + * + * @param string $url + * + * @return string + */ +function scrape_webpage($url) +{ + $config = [ + CURLOPT_RETURNTRANSFER => true, + CURLOPT_FOLLOWLOCATION => true, + CURLOPT_HEADER => true, + CURLOPT_SSL_VERIFYPEER => false, + CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13', + CURLOPT_URL => $url + ]; + $c = curl_init(); + + curl_setopt_array($c, $config); + + $output = curl_exec($c); + + return $output; +} diff --git a/uninstall.bat b/uninstall.bat index 5adc570..3b49375 100644 --- a/uninstall.bat +++ b/uninstall.bat @@ -43,7 +43,7 @@ if "%result%"=="1" ( ) echo. -echo Thank you for trying Sagacity. If you have any questions or comments, please echo contact us at https://www.cyberperspectives.com/contact_us +echo Thank you for trying Sagacity. If you have any questions or comments, please contact us at https://www.cyberperspectives.com/contact_us echo. if "%result%"=="1" ( From f1cab1325111a3872bb1a21cf39c008dee825df8 Mon Sep 17 00:00:00 2001 From: Jeff Odegard <42775175+JeffOdegard@users.noreply.github.com> Date: Mon, 29 Oct 2018 19:42:36 -0600 Subject: [PATCH 15/52] Add ROLE to .ckl ASSET Tag and delete HOST_GUID These changes make the .ckl exports compatible with the latest STIG Viewer 2.8. --- exec/export-ckl.php | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/exec/export-ckl.php b/exec/export-ckl.php index 01b1fac..4697215 100644 --- a/exec/export-ckl.php +++ b/exec/export-ckl.php @@ -73,6 +73,8 @@ $xml = new Array2XML(); $xml->standalone = true; $xml->formatOutput = true; +$chk_comp_count = 0; +$tgt_comp_count = 0; $total_chk_count = 0; $total_stigs = 0; 
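Review bot: `scrape_webpage()` sets `CURLOPT_SSL_VERIFYPEER => false`, so the server's certificate is never checked and anything on the network path can supply the page content; with `CURLOPT_FOLLOWLOCATION` on and no protocol restriction, a redirect can also leave https. If verification was disabled because the target's CA is not in the default bundle, point `CURLOPT_CAINFO` at that CA bundle instead of turning the check off. The function also returns `false` on failure although the docblock promises `string`, never closes the handle, and `CURLOPT_HEADER => true` mixes the response headers into the returned text, which the docblock should state. A version with verification on, redirects bounded and the failure case handled is sketched below.

```php
function scrape_webpage($url)
{
    $config = [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 5,
        // only https, both for the first request and for any redirect
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        // verify the certificate chain and the host name
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,
        // CURLOPT_CAINFO       => '<path to CA bundle>', // placeholder, only if a private CA is needed
        // … unchanged: CURLOPT_HEADER, CURLOPT_USERAGENT, CURLOPT_URL …
    ];
    $c = curl_init();

    curl_setopt_array($c, $config);

    $output = curl_exec($c);
    if ($output === false) {
        // surface the transport error instead of returning false as if it were page text
        $error = curl_error($c);
        curl_close($c);
        throw new RuntimeException("scrape_webpage failed: {$error}");
    }
    curl_close($c);

    return $output;
}
```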
@@ -83,6 +85,7 @@ if ($tgt_count = count($tgts)) { $host_ip = (is_array($tgt->interfaces) && count($tgt->interfaces) ? current($tgt->interfaces)->get_IPv4() : null); $host_fqdn = (is_array($tgt->interfaces) && count($tgt->interfaces) ? current($tgt->interfaces)->get_FQDN() : null); $host_mac = (is_array($tgt->interfaces) && count($tgt->interfaces) ? current($tgt->interfaces)->get_MAC() : null); + //$host_mac = (count($tgt->interfaces) ? current($tgt->interfaces)->get_Mac() : null); print "Target: {$tgt->get_Name()}" . PHP_EOL; @@ -119,8 +122,8 @@ if ($tgt_count = count($tgts)) { $arr = [ '@comment' => "CyberPerspectives Sagacity v" . VER, 'ASSET' => [ - 'ROLE' => 'None', - 'ASSET_TYPE' => 'Computing', + 'ROLE' => 'None', + 'ASSET_TYPE' => 'Computing', 'HOST_NAME' => $tgt->get_Name(), 'HOST_IP' => $host_ip, 'HOST_MAC' => $host_mac, @@ -217,7 +220,7 @@ if ($tgt_count = count($tgts)) { } // decoding because check contents are already encoded - //$cc = str_replace("\\n", "\n", htmlentities(html_entity_decode($pdi['check_contents']))); + $cc = str_replace("\\n", "
", htmlentities(html_entity_decode($pdi['check_contents']))); $stig_data = array_merge([ [ @@ -254,11 +257,11 @@ if ($tgt_count = count($tgts)) { ], [ 'VULN_ATTRIBUTE' => 'Check_Content', - 'ATTRIBUTE_DATA' => htmlentities(str_replace("\\n", "\n", html_entity_decode(html_entity_decode($pdi['check_contents'])))) + 'ATTRIBUTE_DATA' => $cc ], [ 'VULN_ATTRIBUTE' => 'Fix_Text', - 'ATTRIBUTE_DATA' => htmlentities(str_replace("\\n", "\n", html_entity_decode(html_entity_decode($pdi['fix_text'])))) + 'ATTRIBUTE_DATA' => htmlentities($pdi['fix_text']) ], [ 'VULN_ATTRIBUTE' => 'False_Positives', @@ -298,11 +301,7 @@ if ($tgt_count = count($tgts)) { ], [ 'VULN_ATTRIBUTE' => 'Check_Content_Ref', - 'ATTRIBUTE_DATA' => 'M' - ], - [ - 'VULN_ATTRIBUTE' => 'Weight', - 'ATTRIBUTE_DATA' => '10.0' + 'ATTRIBUTE_DATA' => '' ], [ 'VULN_ATTRIBUTE' => 'Class', @@ -322,7 +321,6 @@ if ($tgt_count = count($tgts)) { $notes = ''; if (is_a($find, 'finding')) { - /** @var finding $find */ $status = $status_map[$find->get_Finding_Status_String()]; $notes = $find->get_Notes(); } From ebc5cc6a7e024fd5ef8f866f859f08b9f7d8896a Mon Sep 17 00:00:00 2001 From: Jeff Odegard <42775175+JeffOdegard@users.noreply.github.com> Date: Mon, 29 Oct 2018 20:03:24 -0600 Subject: [PATCH 16/52] Fix for #63 Line 11926, added isset to check for index 0: if (is_array($pri_find) && count($pri_find) && isset($pri_find[0])) { --- inc/database.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/database.inc b/inc/database.inc index c9bb7d7..43a4a24 100644 --- a/inc/database.inc +++ b/inc/database.inc 
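Review bot: The `Check_Content_Ref`/`Weight` hunk, together with the `Check_Content`, `Fix_Text`, `$cc` and `@var finding` hunks around it, puts back the lines that the previous patch in this series had just changed, and the commit message (ROLE added, HOST_GUID removed) does not mention any of that. The `ASSET` hunk itself only changes whitespace on `ROLE` and `ASSET_TYPE`, so this looks like an edit made on a stale copy of the file. If the revert is unintended, rebase onto the previous commit and keep only the `ASSET` change; if it is intended, say so in the description, because it changes the exported `ATTRIBUTE_DATA` values again.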
@@ -11923,7 +11923,7 @@ class db $stig = $this->get_STIG_By_PDI($find->get_PDI_ID()); $pri_find = $this->get_Finding($pri_tgt, $stig); - if (is_array($pri_find) && count($pri_find)) { + if (is_array($pri_find) && count($pri_find) && isset($pri_find[0])) { $pri_find = $pri_find[0]; if ($pri_find->get_Finding_Status() != $find->get_Finding_Status()) { $pri_find->set_Finding_Status_By_String($pri_find->get_Deconflicted_Status($find->get_Finding_Status_String())); From 5b749f6844dd674ac3845473cc94f79f9ae2e683 Mon Sep 17 00:00:00 2001 From: Jeff Odegard <42775175+JeffOdegard@users.noreply.github.com> Date: Sat, 3 Nov 2018 16:02:08 -0600 Subject: [PATCH 17/52] Fix for #62 Commented out last INSERT in post_Processing --- inc/database.inc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/inc/database.inc b/inc/database.inc index 43a4a24..92c0f48 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -74,6 +74,7 @@ * - Jun 2, 2018 - Formatting and added set_Setting_Array method * - Jun 5, 2018 - Changed set_Setting_Array method to use SQL update instead of replace * - Sep 5, 2018 - Fix for #8 + * - Nov 3, 2018 - Fix for fix #62, commented out last INSERT in post_Processing, jao */ include_once 'base.inc'; include_once 'software.inc'; @@ -11291,12 +11292,13 @@ class db ]); $this->help->execute(); - $this->help->sql = "INSERT IGNORE INTO findings (tgt_id,pdi_id,findings_status_id) " . - "SELECT {$id},pcl.pdi_id,1 " . - "FROM target_checklist tc " . - "JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id " . - "WHERE tc.tgt_id = {$id}"; - $this->help->execute(); +# Commented out 3 Nov 18 to fix #62 - Jeff Odegard +# $this->help->sql = "INSERT IGNORE INTO findings (tgt_id,pdi_id,findings_status_id) " . +# "SELECT {$id},pcl.pdi_id,1 " . +# "FROM target_checklist tc " . +# "JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id " . +# "WHERE tc.tgt_id = {$id}"; +# $this->help->execute(); $this->update_Target_Counts($id); } 
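Review bot: With `isset($pri_find[0])` added, the `count($pri_find)` test in the same condition is redundant, and a non-empty result that is not keyed from 0 is now skipped silently. If `get_Finding()` can return an array with other keys (its body is not visible here), `reset($pri_find)` would pick the first element regardless of key; otherwise drop `count()` and add a comment such as `// get_Finding() may return an array without index 0, see #63`. The method body starts and ends outside the hunk.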
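Review bot: The `INSERT IGNORE INTO findings` statement is disabled by prefixing each line with `#` at column 0 instead of being deleted, which leaves dead SQL in `post_Processing` and breaks the indentation of the surrounding method. Delete the six lines and let the history and the change-log entry carry the record; if a reminder is wanted, one line such as `// findings are no longer pre-populated here, see #62` is enough. The change-log line added in the same commit reads "Fix for fix #62", which is probably a typo. The method body starts outside the hunk.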
From 21082c7513725501dd161b465a3c1d7b2bf1b18f Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Tue, 6 Nov 2018 15:36:48 -0500 Subject: [PATCH 18/52] checklist.inc - deleted duplicate BIND 9 checklist icon entry finding.inc - removed ID property to prevent duplicate findings from being added to the table host_list.inc - deleted unused constructor import.inc - formatting db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references Database_Baseline.zip - updated routines for above change background_results.php - fixed bug #19 export-ckl.php - performance adjustments parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2) parse_* - remove findings.id field database.inc - formatting, and update for removing findings.id field index.php - ensure user can't import a host list without uploading a host list file Fixed: #65, #51, #28, #27, #10 --- classes/checklist.inc | 4 +- classes/finding.inc | 21 +- classes/host_list.inc | 9 +- classes/import.inc | 1451 ++- db_schema.json | 12680 +++++++++++++------------- exec/background_results.php | 2 +- exec/export-ckl.php | 7 +- exec/parse_excel_echecklist.php | 36 +- exec/parse_host_data_collection.php | 6 +- exec/parse_mssql.php | 6 +- exec/parse_nessus.php | 10 +- exec/parse_nvd_json_cve.php | 55 +- exec/parse_scc_xccdf.php | 10 +- inc/database.inc | 7533 +++++++-------- inc/xml_parser.inc | 8 +- ste/export.php | 6 +- ste/index.php | 2 +- 17 files changed, 10873 insertions(+), 10973 deletions(-) diff --git a/classes/checklist.inc b/classes/checklist.inc index 28a550d..966da27 100644 --- a/classes/checklist.inc +++ b/classes/checklist.inc 
@@ -21,6 +21,7 @@ * - May 13, 2017 - Added WindowsFirewall.jpg image for checklist * - May 19, 2017 - Fixed typo for WindowsFirewall * - Aug 23, 2017 - JO, Expanded checklist icons + * - Nov 6, 2018 - Deleted duplicate BIND 9 checklist icon entry */ /** @@ -545,9 +546,6 @@ class checklist case (preg_match("/Mobile Device/i", $this->name) ? true : false): $this->icon = 'mobile-device.jpg'; break; - case (preg_match("/BIND 9/i", $this->name) ? true : false): - $this->icon = 'BIND DNS.jpg'; - break; case (preg_match("/Remote Access/i", $this->name) ? true : false): $this->icon = 'remote-access.gif'; break; diff --git a/classes/finding.inc b/classes/finding.inc index 103cced..b6944a7 100644 --- a/classes/finding.inc +++ b/classes/finding.inc @@ -22,6 +22,7 @@ * - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty) * - Jan 10, 2018 - Formatting * - May 24, 2018 - Simplified get_Finding_Status_ID method + * - Nov 6, 2018 - Removed ID property to keep from duplicate findings */ /** @@ -32,13 +33,6 @@ */ class finding { - /** - * Finding ID - * - * @var integer - */ - protected $id = null; - /** * Target ID * @@ -155,7 +149,6 @@ class finding { /** * Constructor * - * @param integer $int_ID * @param integer $int_Tgt_ID * @param integer $int_PDI_ID * @param integer $int_Scan_ID @@ -165,8 +158,7 @@ class finding { * @param string $str_Orig_Src * @param integer $int_Finding_Itr */ - public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) { - $this->id = $int_ID; + public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) { $this->tgt_id = $int_Tgt_ID; $this->pdi_id = $int_PDI_ID; $this->scan_id = $int_Scan_ID; 
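Review bot: Removing `$int_ID` from the front of `finding::__construct()` shifts every remaining positional argument by one, and none of the parameters is type-declared, so a call site that still passes nine arguments will not fail: PHP discards the extra argument and `$int_Tgt_ID` silently receives the old finding id. The commit message lists the parse_* scripts and database.inc as updated, but it is worth searching for every `new finding(` to confirm none was missed. The constructor docblock could also say that a finding is now identified by target id plus PDI id. The constructor body continues outside the hunk.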
@@ -182,15 +174,6 @@ class finding { $this->finding_itr = $int_Finding_Itr; } - /** - * Getter function for Finding ID - * - * @return integer - */ - public function get_ID() { - return $this->id; - } - /** * Getter function for target ID * diff --git a/classes/host_list.inc b/classes/host_list.inc index 1594b6d..6e1f39c 100644 --- a/classes/host_list.inc +++ b/classes/host_list.inc @@ -13,6 +13,7 @@ * Change Log: * - Jan 16, 2018 - File created * - Feb 6, 2018 - Added getter/setter methods + * - Nov 6, 2018 - Deleted unused constructor */ /** @@ -65,14 +66,6 @@ class host_list */ private $_scanNotes = null; - /** - * Constructor - */ - public function __construct() - { - - } - /** * Getter function for _targetId * diff --git a/classes/import.inc b/classes/import.inc index dd7fc5a..db9c6bb 100644 --- a/classes/import.inc +++ b/classes/import.inc 
@@ -39,85 +39,89 @@ include_once 'vendor/autoload.php'; * * @author Ryan Prather */ -class import { +class import +{ - /** - * The current include_once path - * - * @var string - */ - protected $current_path = ''; + /** + * The current include_once path + * + * @var string + */ + protected $current_path = ''; - /** - * String array of regular expressions. - * Files matching these expressions will be skipped - * - * @var string - */ - protected $SKIP = array( - '/HBSS/i', - '/SharePoint/i', - '/ISSE/i', - '/_[Mm]ac/i', - '/Guard/i', - '/SME_PED/i', - '/_zOS_/i', - '/BlackBerry/i', - '/C2\-Fix/i', - '/Enclave_Zone/i', - '/General_Mobile/i', - '/Remote_/i', - '/_Tandem/i', - '/xenapp/i', - '/internet/i', - '/android/i', - '/JVAP/i', - '/apple/i', - '/OpenVMS/i', - '/VVoIP/i', - '/Wireless/i', - '/REL-LAN/i', - '/dictionary/i', - '/IBM_/i', - '/Smartphone/i', - '/Exchange/i', - '/Juniper/i', - '/Mobility/i', - '/ESXi/i', - '/FW_SRG/i', - '/PlayBook_OS/i', - '/vCenter_Server/i' - ); + /** + * String array of regular expressions. 
+ * Files matching these expressions will be skipped + * + * @var string + */ + protected $SKIP = array( + '/HBSS/i', + '/SharePoint/i', + '/ISSE/i', + '/_[Mm]ac/i', + '/Guard/i', + '/SME_PED/i', + '/_zOS_/i', + '/BlackBerry/i', + '/C2\-Fix/i', + '/Enclave_Zone/i', + '/General_Mobile/i', + '/Remote_/i', + '/_Tandem/i', + '/xenapp/i', + '/internet/i', + '/android/i', + '/JVAP/i', + '/apple/i', + '/OpenVMS/i', + '/VVoIP/i', + '/Wireless/i', + '/REL-LAN/i', + '/dictionary/i', + '/IBM_/i', + '/Smartphone/i', + '/Exchange/i', + '/Juniper/i', + '/Mobility/i', + '/ESXi/i', + '/FW_SRG/i', + '/PlayBook_OS/i', + '/vCenter_Server/i' + ); - /** - * Class constructor - */ - public function __construct() { - set_time_limit(0); - } - - /** - * Class destructor to reset the include_once path and time limits - */ - public function __destruct() { - set_time_limit(30); - } - - /** - * Function to scan the tmp directory for result files and call the appropriate parsers - */ - public function scan_Result_Files($redirect = true) { - chdir(DOC_ROOT . "/exec"); - - $ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false"; - $doc_root = realpath(DOC_ROOT); - $ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT); - if (!$ste) { - $ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT); + /** + * Class constructor + */ + public function __construct() + { + set_time_limit(0); } - $location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING); - $conf = <<run(); + + if ($redirect) { + header("/results/"); + } } - $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . - " -c " . realpath(PHP_CONF) . - " -f " . realpath(DOC_ROOT . "/exec/background_results.php"); + /** + * Function to scan '/xampp/www/tmp' directory for catalog files + */ + public function scan_Catalog_Files() + { + chdir(DOC_ROOT . 
"/tmp"); + $files = glob("*"); - if (LOG_LEVEL == E_DEBUG) { - Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG); + foreach ($files as $file) { + if (substr($file, - 3) == 'zip') { + // $this->import_STIG_ZIP("../tmp/$file"); + } elseif (preg_match('/pdi\-|\_catalog/i', $file)) { + // $this->import_PDI_CSV("../tmp/$file"); + } elseif (preg_match('/\-xccdf\.xml$/i', $file)) { + // $this->import_STIG("../tmp/$file"); + } + } } - $process = new Cocur\BackgroundProcess\BackgroundProcess("cd " . realpath(DOC_ROOT . "/exec") . " && " . $script); - $process->run(); + /** + * Function to scan host data files and import findings + */ + public function import_Host_Data_Collection() + { + $db = new db(); - if ($redirect) { - header("/results/"); - } - } + $doc_root = realpath(DOC_ROOT); + $overwrite = (isset($_REQUEST['overwrite']) && $_REQUEST['overwrite'] ? "true" : "false"); - /** - * Function to scan '/xampp/www/tmp' directory for catalog files - */ - public function scan_Catalog_Files() { - chdir(DOC_ROOT . "/tmp"); - $files = glob("*"); - - foreach ($files as $file) { - if (substr($file, -3) == 'zip') { - // $this->import_STIG_ZIP("../tmp/$file"); - } - elseif (preg_match('/pdi\-|\_catalog/i', $file)) { - // $this->import_PDI_CSV("../tmp/$file"); - } - elseif (preg_match('/\-xccdf\.xml$/i', $file)) { - // $this->import_STIG("../tmp/$file"); - } - } - } - - /** - * Function to scan host data files and import findings - */ - public function import_Host_Data_Collection() { - $db = new db(); - - $doc_root = realpath(DOC_ROOT); - $overwrite = (isset($_REQUEST['overwrite']) && $_REQUEST['overwrite'] ? "true" : "false"); - - $conf = <<CurrentDirectory = DOC_ROOT; - $shell->run($script, 0, false); - } - elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') { - exec("$script > /dev/null &"); - } - else { - Sagacity_Error::err_handler("Unknown OS: " . 
PHP_OS); - } - - - header("Location: /ste/"); - } - - /** - * function to import PDI CSV file to database - */ - public function import_PDI_CSV() { - $db = new db(); - - $handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r"); - $data = fgetcsv($handle); - $data = fgetcsv($handle); - - while ($data = fgetcsv($handle)) { - $catalog = array( - 'stig_id' => (isset($data[0]) ? $data[0] : ""), - 'vms_id' => (isset($data[1]) ? $data[1] : ""), - 'cat_lvl' => (isset($data[2]) ? $data[2] : "II"), - 'ia_controls' => (isset($data[3]) ? $data[3] : ""), - 'short_title' => (isset($data[4]) ? $data[4] : ""), - 'description' => (isset($data[5]) ? $data[5] : ""), - 'notes' => (isset($data[6]) ? $data[6] : ""), - 'retina_id' => (isset($data[7]) ? $data[7] : ""), - 'vul_id' => (isset($data[8]) ? $data[8] : ""), - 'check_contents' => (isset($data[9]) ? $data[9] : ""), - 'sv_rule_id' => (isset($data[10]) ? $data[10] : ""), - 'nessus_id' => (isset($data[11]) ? $data[11] : "") - ); - - if ($catalog['stig_id'] != 'No Reference') { - $ref = $db->get_STIG($catalog['stig_id']); - } - - if (is_null($ref) && $catalog['vms_id'] != 'No Reference') { - $ref = $db->get_GoldDisk($catalog['vms_id']); - } - - if (is_array($ref) && count($ref) && isset($ref[0])) { - $ref = $ref[0]; - } - - if (!is_null($ref)) { - $pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW"); - $pdi->set_Short_Title($catalog['short_title']); - $pdi->set_Group_Title($catalog['short_title']); - $pdi->set_Description($catalog['description']); - - if ($catalog['ia_controls']) { - $ia_controls = array(); - foreach (explode(" ", $catalog['ia_controls']) as $ia) { - $ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, -2), substr($ia, -1)); - } - - if (!$db->save_IA_Control($ia_controls)) { - print "error updating ia controls on id: " . $ref->get_ID() . "
"; - } + if (substr(strtolower(PHP_OS), 0, 3) == 'win') { + $shell = new COM("WScript.Shell"); + $shell->CurrentDirectory = DOC_ROOT; + $shell->run($script, 0, false); + } elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') { + exec("$script > /dev/null &"); + } else { + Sagacity_Error::err_handler("Unknown OS: " . PHP_OS); } - // Check for retina data - if ($catalog['retina_id']) { - $retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']); - - if (!$db->save_Retina($retina)) { - print "error updating retina id: " . $catalog['retina_id'] . "
"; - } - } - - // Vul_ID - if ($catalog['vul_id']) { - - } - - if ($catalog['sv_rule_id']) { - $sv_rule = array(); - foreach (explode(" ", $catalog['sv_rule_id']) as $rule) { - $sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule); - } - - if (!$db->save_SV_Rule($sv_rule)) { - print "error updating sv rule on pdi: " . $ref->get_ID() . "
"; - } - } - - if ($catalog['nessus_id']) { - $nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']); - - if (!$db->save_Nessus($nessus)) { - print "error updating nessus id: " . $catalog['nessus_id'] . "
"; - } - } - } - else { - $pdi = new pdi(0, $catalog['cat_lvl'], "NOW"); - $pdi->set_Short_Title($catalog['short_title']); - $pdi->set_Group_Title($catalog['short_title']); - $pdi->set_Description($catalog['description']); - - $pdi_id = $db->save_PDI($pdi); - - if ($catalog['stig_id'] != 'No Reference') { - $stig = new stig($pdi_id, $catalog['stig_id'], $catalog['description']); - $ref = $stig; - $db->add_Stig($stig); - } - - if ($catalog['vms_id'] != 'No Reference') { - $golddisk = new golddisk($pdi_id, $catalog['vms_id'], $catalog['short_title']); - - if ($ref == null) { - $ref = $golddisk; - } - - $db->save_GoldDisk($golddisk); - } - - if ($catalog['ia_controls']) { - $ia_controls = array(); - foreach (explode(" ", $catalog['ia_controls']) as $ia) { - $ia_controls[] = new ia_control($pdi_id, substr($ia, 0, -2), substr($ia, -1)); - } - - if (!$db->save_IA_Control($ia_controls)) { - print "error updating ia controls on pdi_id: " . $ref->get_ID() . "
"; - } - } - - // Check for retina data - if ($catalog['retina_id']) { - $retina = new retina($pdi_id, $catalog['retina_id']); - - if (!$db->save_Retina($retina)) { - print "error updating retina id: " . $catalog['retina_id'] . "
"; - } - } - - // Vul_ID - if ($catalog['vul_id']) { - - } - - // sv_rule - if ($catalog['sv_rule_id']) { - $sv_rule = array(); - foreach (explode(" ", $catalog['sv_rule_id']) as $rule) { - $sv_rule[] = new sv_rule($pdi_id, $rule); - } - - if (!$db->save_SV_Rule($sv_rule)) { - print "error updating sv rule on pdi: " . $ref->get_ID() . "
"; - } - } - - if ($catalog['nessus_id']) { - $nessus = new nessus($pdi_id, $catalog['nessus_id']); - - if (!$db->save_Nessus($nessus)) { - print "error updating nessus id: " . $catalog['nessus_id'] . "
"; - } - } - } - } - fclose($handle); - } - - /** - * function for SRR script - * runs script net-SRR.pl - * exports a csv format file - */ - public function net_SRR() { - - } - - /** - * function for unix SRR conversion to csv - * runs script unix-xml-to-echecklist.pl - * runs script unix-srr-to-csv.pl - */ - public function unix_srr_to_csv() { - - } - - /** - * Function to import DISA STIG content to database - * - * @param array $request - */ - public function import_STIG_XML($request = array()) { - $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . - realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . - (isset($request['delete']) ? ' --delete' : '') . - (isset($request['override']) ? " --ia" : ""); - - $shell = new COM("WScript.Shell"); - $shell->CurrentDirectory = DOC_ROOT . "/exec"; - $shell->run($script, 0, false); - - header("location: " . $_SERVER['HTTP_REFERER']); - } - - /** - * Function to convert a retina CSV to an eChecklist and store on database - */ - public function retina_csv_echecklist() { - $files = glob('*.csv'); - $db = new db(); - - $source = $db->get_Sources('Retina'); - $ste = $db->get_STE($_REQUEST['ste'])[0]; - - foreach ($files as $file) { - $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP'); - $db->save_Scan($scan); - - exec(PERL . "/perl " . DOC_ROOT . "/exec/retina-csv-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result); - } - } - - /** - * function to import golddisk info into scans table - * runs script golddisk-xml-to-echecklist.pl - */ - public function golddisk_xml_echecklist() { - $files = glob('*.xml'); - $db = new db(); - - $source = $db->get_Sources('Golddisk'); - $ste = $db->get_STE($_REQUEST['ste'])[0]; - - foreach ($files as $file) { - $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP'); - $db->save_Scan($scan); - - exec(PERL . "/perl " . DOC_ROOT . "/exec/golddisk-xml-to-echecklist.pl " . DOC_ROOT . 
"/tmp/$file --db", $output, $result); - } - } - - /** - * - */ - public function import_IAVM_CVE() { - $filename = '../tmp/iavm-to-cve(u).xml'; - $xml = simplexml_load_file($filename); - $db = new db(); - - foreach ($xml->IAVM as $iavm) { - $vms_id = preg_replace('/V[0]+/', 'V-', (string) $iavm->S['VMSKey']); - $stig_id = (string) $iavm->S['IAVM']; - $title = (string) $iavm->S['Title']; - $release_date = DateTime::createFromFormat('d M Y', $iavm->S['ReleaseDate']); - $revision_date = DateTime::createFromFormat('d M Y', $iavm->Revision['Date']); - - $cves_tags = $iavm->CVEs; - $cves = array(); - - $pdi = $db->get_Stig($stig_id); - if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'stig')) { - $pdi = $pdi[0]; - } - - if (is_null($pdi)) { - $pdi = $db->get_GoldDisk($vms_id); - if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'golddisk')) { - $pdi = $pdi[0]; - } - } - - if (is_null($pdi)) { - $cat_lvl = substr_count((string) $iavm->S['Severity'], 'I'); - $pdi = new pdi(null, $cat_lvl, (string) $iavm->S['ReleaseDate']); - $pdi->set_Short_Title($title); - $pdi->set_Group_Title($title); - $pdi->set_Description($title); - $pdi_id = $db->save_PDI($pdi); - - $stig = new stig($pdi_id, $stig_id, $title); - $db->add_Stig($stig); - - $golddisk = new golddisk($pdi_id, $vms_id, $title); - $db->save_GoldDisk($golddisk); - } - else { - $pdi_id = $pdi->get_PDI_ID(); - } - - foreach ($cves_tags->CVENumber as $cve) { - $cve_id = (string) $cve; - - $cves[] = new cve(null, $cve_id, $release_date, $title); - } - - $db->add_CVE($cves); - - $ref_tags = $iavm->References; - $refs = array(); - - foreach ($ref_tags->Reference as $ref) { - $ref_type = ''; - $adv_id = ''; - $url = (string) $ref['URL']; - $name = (string) $ref['RefName']; - $match = array(); - - $refs[] = new advisory($pdi_id, $adv_id, $name, $ref_type, $url); - } + header("Location: /ste/"); } - $ref = $row[8]; - $url = $row[9]; - - if (strpos($ref, 'Microsoft') !== false) { - $x++; - $type 
= 'Microsoft'; - $ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Adobe') !== false) { - $x++; - $type = 'Adobe'; - $ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Apache') !== false) { - $x++; - $type = 'Apache'; - $ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'CERT') !== false) { - $x++; - $type = 'US-CERT'; - $match = array(); - - if (strpos($url, 'techalerts') !== false) { - $ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match); - } - elseif (strpos($url, 'vuls') !== false) { - $ret = preg_match('/([^\/]+)$/', $url, $match); - } - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Cisco') !== false) { - $x++; - $type = 'Cisco'; - $ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match); - - if (count($match) > 0) { - $id = $match[1]; - } - else { - $ret = preg_match('/([^\/]+)$/', $url, $match); - if (count($match)) { - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'Citrix') !== false) { - $x++; - $type = 'Citrix'; - $ret = preg_match('/([^\/]+)$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Debian') !== false) { - $x++; - $type = 'Debian'; - $ret = preg_match('/([^\/]+)$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'HP') !== false) { - $x++; - $type = 'HP'; - $ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - else { - $ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match); - if (count($match)) { - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'IBM') !== false) { - $x++; - $type = 'IBM'; - $ret = preg_match('/(\d{5,8})/', $ref, $match); - - if (count($match)) { - $id = 
$match[1]; - } - else { - $ret = preg_match('/([^\=|\/]+)$/', $url, $match); - if (count($match)) { - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'Juniper') !== false) { - $x++; - $type = 'Juniper'; - $ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Oracle') !== false) { - $x++; - $type = 'Oracle'; - $url = basename($url); - $ret = preg_match('/([\S]+)\.html/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'McAfee') !== false) { - $x++; - $type = 'McAfee'; - $query = parse_query($url); - - if (count($match)) { - $id = isset($query['id']) ? $query['id'] : ''; - } - } - elseif (strpos($ref, 'Red Hat') !== false) { - $x++; - $type = 'Red Hat'; - $ret = preg_match('/([^\/]+)\.html/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Secunia') !== false) { - $x++; - $type = 'Secunia'; - $ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match); - - if (count($match)) { - if ($match[2] == 'advisory') { - $id = $match[1]; - } - elseif (is_numeric($match[1]) && count($match[2]) == 1) { - $id = $match[1]; - } - else { - $id = $match[2]; - } - } - } - elseif (strpos($url, 'securitytracker') !== false) { - $x++; - $type = 'Security Tracker'; - $ret = preg_match('/([^\/]+)\.html$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'SecurityFocus') !== false) { - $x++; - $type = 'SecurityFocus'; - $ret = preg_match('/([^\/]+)\/?$/', $url, $match); - - if (count($match)) { - if ($match[1] != 'info') { - $id = $match[1]; - } - else { - $ret = preg_match('/([^\/]+)\/info/', $url, $match); - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'Sun') !== false) { - $x++; - $type = 'Sun'; - $query = parse_query($url); - - $id = isset($query['assetkey']) ? 
$query['assetkey'] : ''; - - if (!$id) { - $ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match); - $id = $match[1]; - } - } - elseif (strpos($ref, 'Symantec') !== false) { - $x++; - $type = 'Symantec'; - $ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($url, 'ZDI') !== false) { - $x++; - $type = 'ZDI'; - $ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Wireshark') !== false) { - $x++; - $type = 'Wireshark'; - $ret = preg_match('/([^\/]+)\.html$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - } - - /** - * - * @param string $in - * @return multitype:Ambigous <> - */ - public function parse_query($in) { /** - * Use this function to parse out the query array element from - * the output of parse_url(). + * function to import PDI CSV file to database */ - $query_string = substr($in, strpos($in, '?') + 1); - $query_arr = explode('&', $query_string); - $arr = array(); + public function import_PDI_CSV() + { + $db = new db(); - foreach ($query_arr as $val) { - $x = explode('=', $val); - $arr[$x[0]] = isset($x[1]) ? $x[1] : ''; + $handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r"); + $data = fgetcsv($handle); + $data = fgetcsv($handle); + + while ($data = fgetcsv($handle)) { + $catalog = array( + 'stig_id' => (isset($data[0]) ? $data[0] : ""), + 'vms_id' => (isset($data[1]) ? $data[1] : ""), + 'cat_lvl' => (isset($data[2]) ? $data[2] : "II"), + 'ia_controls' => (isset($data[3]) ? $data[3] : ""), + 'short_title' => (isset($data[4]) ? $data[4] : ""), + 'description' => (isset($data[5]) ? $data[5] : ""), + 'notes' => (isset($data[6]) ? $data[6] : ""), + 'retina_id' => (isset($data[7]) ? $data[7] : ""), + 'vul_id' => (isset($data[8]) ? $data[8] : ""), + 'check_contents' => (isset($data[9]) ? $data[9] : ""), + 'sv_rule_id' => (isset($data[10]) ? 
$data[10] : ""), + 'nessus_id' => (isset($data[11]) ? $data[11] : "") + ); + + if ($catalog['stig_id'] != 'No Reference') { + $ref = $db->get_STIG($catalog['stig_id']); + } + + if (is_null($ref) && $catalog['vms_id'] != 'No Reference') { + $ref = $db->get_GoldDisk($catalog['vms_id']); + } + + if (is_array($ref) && count($ref) && isset($ref[0])) { + $ref = $ref[0]; + } + + if (! is_null($ref)) { + $pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW"); + $pdi->set_Short_Title($catalog['short_title']); + $pdi->set_Group_Title($catalog['short_title']); + $pdi->set_Description($catalog['description']); + + if ($catalog['ia_controls']) { + $ia_controls = array(); + foreach (explode(" ", $catalog['ia_controls']) as $ia) { + $ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, - 2), substr($ia, - 1)); + } + + if (! $db->save_IA_Control($ia_controls)) { + print "error updating ia controls on id: " . $ref->get_ID() . "
";
+ }
+ }
+
+ // Check for retina data
+ if ($catalog['retina_id']) {
+ $retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']);
+
+ if (! $db->save_Retina($retina)) {
+ print "error updating retina id: " . $catalog['retina_id'] . "
";
+ }
+ }
+
+ // Vul_ID
+ if ($catalog['vul_id']) {}
+
+ if ($catalog['sv_rule_id']) {
+ $sv_rule = array();
+ foreach (explode(" ", $catalog['sv_rule_id']) as $rule) {
+ $sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule);
+ }
+
+ if (! $db->save_SV_Rule($sv_rule)) {
+ print "error updating sv rule on pdi: " . $ref->get_ID() . "
";
+ }
+ }
+
+ if ($catalog['nessus_id']) {
+ $nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']);
+
+ if (! $db->save_Nessus($nessus)) {
+ print "error updating nessus id: " . $catalog['nessus_id'] . "
";
+ }
+ }
+ } else {
+ $pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
+ $pdi->set_Short_Title($catalog['short_title']);
+ $pdi->set_Group_Title($catalog['short_title']);
+ $pdi->set_Description($catalog['description']);
+
+ $pdi_id = $db->save_PDI($pdi);
+
+ if ($catalog['stig_id'] != 'No Reference') {
+ $stig = new stig($pdi_id, $catalog['stig_id'], $catalog['description']);
+ $ref = $stig;
+ $db->add_Stig($stig);
+ }
+
+ if ($catalog['vms_id'] != 'No Reference') {
+ $golddisk = new golddisk($pdi_id, $catalog['vms_id'], $catalog['short_title']);
+
+ if ($ref == null) {
+ $ref = $golddisk;
+ }
+
+ $db->save_GoldDisk($golddisk);
+ }
+
+ if ($catalog['ia_controls']) {
+ $ia_controls = array();
+ foreach (explode(" ", $catalog['ia_controls']) as $ia) {
+ $ia_controls[] = new ia_control($pdi_id, substr($ia, 0, - 2), substr($ia, - 1));
+ }
+
+ if (! $db->save_IA_Control($ia_controls)) {
+ print "error updating ia controls on pdi_id: " . $ref->get_ID() . "
";
+ }
+ }
+
+ // Check for retina data
+ if ($catalog['retina_id']) {
+ $retina = new retina($pdi_id, $catalog['retina_id']);
+
+ if (! $db->save_Retina($retina)) {
+ print "error updating retina id: " . $catalog['retina_id'] . "
";
+ }
+ }
+
+ // Vul_ID
+ if ($catalog['vul_id']) {}
+
+ // sv_rule
+ if ($catalog['sv_rule_id']) {
+ $sv_rule = array();
+ foreach (explode(" ", $catalog['sv_rule_id']) as $rule) {
+ $sv_rule[] = new sv_rule($pdi_id, $rule);
+ }
+
+ if (! $db->save_SV_Rule($sv_rule)) {
+ print "error updating sv rule on pdi: " . $ref->get_ID() . "
";
+ }
+ }
+
+ if ($catalog['nessus_id']) {
+ $nessus = new nessus($pdi_id, $catalog['nessus_id']);
+
+ if (! $db->save_Nessus($nessus)) {
+ print "error updating nessus id: " . $catalog['nessus_id'] . "
"; + } + } + } + } + fclose($handle); } - unset($val, $x, $var); - return $arr; - } - /** - * Function for fixing a DISA OVAL file - */ - public function fix_Oval() { - chdir("../tmp"); - $files = glob("*-oval.xml"); - $ret = ''; - $db = new db(); + /** + * function for SRR script + * runs script net-SRR.pl + * exports a csv format file + */ + public function net_SRR() + {} - foreach ($files as $file) { - $xml = new DOMDocument(); - if (!$xml->load($file)) { - error_log("error reading xml file"); - } - $xml->formatOutput = true; - $xml->preserveWhiteSpace = true; - $const_arr = null; + /** + * function for unix SRR conversion to csv + * runs script unix-xml-to-echecklist.pl + * runs script unix-srr-to-csv.pl + */ + public function unix_srr_to_csv() + {} - $variables = $xml->getElementsByTagName("variables") - ->item(0); - $first_node = $variables->firstChild; - while ($node = $xml->getElementsByTagName("external_variable") - ->item(0)) { - $id = $node->getAttribute("id"); - $id = explode(':', $id)[3]; + /** + * Function to import DISA STIG content to database + * + * @param array $request + */ + public function import_STIG_XML($request = array()) + { + $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . (isset($request['delete']) ? ' --delete' : '') . (isset($request['override']) ? " --ia" : ""); - $comment = $node->getAttribute("comment"); - $ver = $node->getAttribute("version"); - $datatype = $node->getAttribute("datatype"); + $shell = new COM("WScript.Shell"); + $shell->CurrentDirectory = DOC_ROOT . "/exec"; + $shell->run($script, 0, false); - $tmp = $db->get_Oval_Const($id); - $const_arr[$tmp['const_id']]['values'] = $tmp['values']; - $const_arr[$tmp['const_id']]['ver'] = $ver; - $const_arr[$tmp['const_id']]['datatype'] = $datatype; - $const_arr[$tmp['const_id']]['comment'] = $comment; + header("location: " . 
$_SERVER['HTTP_REFERER']); + } - $var_com = $xml->createElement('variable_component'); - $var_com->setAttribute('var_ref', "oval:smc.gpea.windows:var:" . $tmp['const_id']); + /** + * Function to convert a retina CSV to an eChecklist and store on database + */ + public function retina_csv_echecklist() + { + $files = glob('*.csv'); + $db = new db(); - $loc_var = $xml->createElement('local_variable'); - $loc_var->setAttribute('id', "oval:mil.disa.fso.windows:var:" . $id); - $loc_var->setAttribute('version', $ver); - $loc_var->setAttribute('datatype', $datatype); - $loc_var->setAttribute('comment', $comment); - $loc_var->appendChild($var_com); + $source = $db->get_Sources('Retina'); + $ste = $db->get_STE($_REQUEST['ste'])[0]; - $variables->replaceChild($loc_var, $node); - } + foreach ($files as $file) { + $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP'); + $db->save_Scan($scan); - foreach ($const_arr as $key => $value) { - $const_var = $xml->createElement('constant_variable'); - $const_var->setAttribute('id', 'oval:smc.gpea.windows:var:' . $key); - $const_var->setAttribute('version', $const_arr[$key]['ver']); - $const_var->setAttribute('datatype', $const_arr[$key]['datatype']); - $const_var->setAttribute('comment', $const_arr[$key]['comment']); + exec(PERL . "/perl " . DOC_ROOT . "/exec/retina-csv-to-echecklist.pl " . DOC_ROOT . 
"/tmp/$file --db", $output, $result); + } + } - foreach ($value['values'] as $val) { - $txt = $xml->createTextNode($val); - $val_var = $xml->createElement("value"); - $val_var->appendChild($txt); + /** + * function to import golddisk info into scans table + * runs script golddisk-xml-to-echecklist.pl + */ + public function golddisk_xml_echecklist() + { + $files = glob('*.xml'); + $db = new db(); - $const_var->appendChild($val_var); + $source = $db->get_Sources('Golddisk'); + $ste = $db->get_STE($_REQUEST['ste'])[0]; + + foreach ($files as $file) { + $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP'); + $db->save_Scan($scan); + + exec(PERL . "/perl " . DOC_ROOT . "/exec/golddisk-xml-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result); + } + } + + /** + */ + public function import_IAVM_CVE() + { + $filename = '../tmp/iavm-to-cve(u).xml'; + $xml = simplexml_load_file($filename); + $db = new db(); + + foreach ($xml->IAVM as $iavm) { + $vms_id = preg_replace('/V[0]+/', 'V-', (string) $iavm->S['VMSKey']); + $stig_id = (string) $iavm->S['IAVM']; + $title = (string) $iavm->S['Title']; + $release_date = DateTime::createFromFormat('d M Y', $iavm->S['ReleaseDate']); + $revision_date = DateTime::createFromFormat('d M Y', $iavm->Revision['Date']); + + $cves_tags = $iavm->CVEs; + $cves = array(); + + $pdi = $db->get_Stig($stig_id); + if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'stig')) { + $pdi = $pdi[0]; + } + + if (is_null($pdi)) { + $pdi = $db->get_GoldDisk($vms_id); + if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'golddisk')) { + $pdi = $pdi[0]; + } + } + + if (is_null($pdi)) { + $cat_lvl = substr_count((string) $iavm->S['Severity'], 'I'); + $pdi = new pdi(null, $cat_lvl, (string) $iavm->S['ReleaseDate']); + $pdi->set_Short_Title($title); + $pdi->set_Group_Title($title); + $pdi->set_Description($title); + $pdi_id = $db->save_PDI($pdi); + + $stig = new stig($pdi_id, $stig_id, $title); + 
$db->add_Stig($stig); + + $golddisk = new golddisk($pdi_id, $vms_id, $title); + $db->save_GoldDisk($golddisk); + } else { + $pdi_id = $pdi->get_PDI_ID(); + } + + foreach ($cves_tags->CVENumber as $cve) { + $cve_id = (string) $cve; + + $cves[] = new cve(null, $cve_id, $release_date, $title); + } + + $db->add_CVE($cves); + + $ref_tags = $iavm->References; + $refs = array(); + + foreach ($ref_tags->Reference as $ref) { + $ref_type = ''; + $adv_id = ''; + $url = (string) $ref['URL']; + $name = (string) $ref['RefName']; + $match = array(); + + $refs[] = new advisory($pdi_id, $adv_id, $name, $ref_type, $url); + } } - $variables->appendChild($const_var); - } + $ref = $row[8]; + $url = $row[9]; - rename($file, "oval\\$file"); - return $xml->saveXML(); + if (strpos($ref, 'Microsoft') !== false) { + $x ++; + $type = 'Microsoft'; + $ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Adobe') !== false) { + $x ++; + $type = 'Adobe'; + $ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Apache') !== false) { + $x ++; + $type = 'Apache'; + $ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'CERT') !== false) { + $x ++; + $type = 'US-CERT'; + $match = array(); + + if (strpos($url, 'techalerts') !== false) { + $ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match); + } elseif (strpos($url, 'vuls') !== false) { + $ret = preg_match('/([^\/]+)$/', $url, $match); + } + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Cisco') !== false) { + $x ++; + $type = 'Cisco'; + $ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match); + + if (count($match) > 0) { + $id = $match[1]; + } else { + $ret = preg_match('/([^\/]+)$/', $url, $match); + if (count($match)) { + $id = $match[1]; + } + } 
+ } elseif (strpos($ref, 'Citrix') !== false) { + $x ++; + $type = 'Citrix'; + $ret = preg_match('/([^\/]+)$/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Debian') !== false) { + $x ++; + $type = 'Debian'; + $ret = preg_match('/([^\/]+)$/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'HP') !== false) { + $x ++; + $type = 'HP'; + $ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match); + + if (count($match)) { + $id = $match[1]; + } else { + $ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match); + if (count($match)) { + $id = $match[1]; + } + } + } elseif (strpos($ref, 'IBM') !== false) { + $x ++; + $type = 'IBM'; + $ret = preg_match('/(\d{5,8})/', $ref, $match); + + if (count($match)) { + $id = $match[1]; + } else { + $ret = preg_match('/([^\=|\/]+)$/', $url, $match); + if (count($match)) { + $id = $match[1]; + } + } + } elseif (strpos($ref, 'Juniper') !== false) { + $x ++; + $type = 'Juniper'; + $ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Oracle') !== false) { + $x ++; + $type = 'Oracle'; + $url = basename($url); + $ret = preg_match('/([\S]+)\.html/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'McAfee') !== false) { + $x ++; + $type = 'McAfee'; + $query = parse_query($url); + + if (count($match)) { + $id = isset($query['id']) ? 
$query['id'] : ''; + } + } elseif (strpos($ref, 'Red Hat') !== false) { + $x ++; + $type = 'Red Hat'; + $ret = preg_match('/([^\/]+)\.html/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Secunia') !== false) { + $x ++; + $type = 'Secunia'; + $ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match); + + if (count($match)) { + if ($match[2] == 'advisory') { + $id = $match[1]; + } elseif (is_numeric($match[1]) && count($match[2]) == 1) { + $id = $match[1]; + } else { + $id = $match[2]; + } + } + } elseif (strpos($url, 'securitytracker') !== false) { + $x ++; + $type = 'Security Tracker'; + $ret = preg_match('/([^\/]+)\.html$/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'SecurityFocus') !== false) { + $x ++; + $type = 'SecurityFocus'; + $ret = preg_match('/([^\/]+)\/?$/', $url, $match); + + if (count($match)) { + if ($match[1] != 'info') { + $id = $match[1]; + } else { + $ret = preg_match('/([^\/]+)\/info/', $url, $match); + $id = $match[1]; + } + } + } elseif (strpos($ref, 'Sun') !== false) { + $x ++; + $type = 'Sun'; + $query = parse_query($url); + + $id = isset($query['assetkey']) ? $query['assetkey'] : ''; + + if (! 
$id) { + $ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match); + $id = $match[1]; + } + } elseif (strpos($ref, 'Symantec') !== false) { + $x ++; + $type = 'Symantec'; + $ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($url, 'ZDI') !== false) { + $x ++; + $type = 'ZDI'; + $ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } elseif (strpos($ref, 'Wireshark') !== false) { + $x ++; + $type = 'Wireshark'; + $ret = preg_match('/([^\/]+)\.html$/', $url, $match); + + if (count($match)) { + $id = $match[1]; + } + } } - } - private function getElementById($doc, $id) { - $xpath = new DOMXPath($doc); - return $xpath->query("//*[@id='$id']") - ->item(0); - } + /** + * + * @param string $in + * @return multitype:Ambigous <> + */ + public function parse_query($in) + { + /** + * Use this function to parse out the query array element from + * the output of parse_url(). + */ + $query_string = substr($in, strpos($in, '?') + 1); + $query_arr = explode('&', $query_string); + $arr = array(); + foreach ($query_arr as $val) { + $x = explode('=', $val); + $arr[$x[0]] = isset($x[1]) ? $x[1] : ''; + } + unset($val, $x, $var); + return $arr; + } + + /** + * Function for fixing a DISA OVAL file + */ + public function fix_Oval() + { + chdir("../tmp"); + $files = glob("*-oval.xml"); + $ret = ''; + $db = new db(); + + foreach ($files as $file) { + $xml = new DOMDocument(); + if (! 
$xml->load($file)) { + error_log("error reading xml file"); + } + $xml->formatOutput = true; + $xml->preserveWhiteSpace = true; + $const_arr = null; + + $variables = $xml->getElementsByTagName("variables")->item(0); + $first_node = $variables->firstChild; + while ($node = $xml->getElementsByTagName("external_variable")->item(0)) { + $id = $node->getAttribute("id"); + $id = explode(':', $id)[3]; + + $comment = $node->getAttribute("comment"); + $ver = $node->getAttribute("version"); + $datatype = $node->getAttribute("datatype"); + + $tmp = $db->get_Oval_Const($id); + $const_arr[$tmp['const_id']]['values'] = $tmp['values']; + $const_arr[$tmp['const_id']]['ver'] = $ver; + $const_arr[$tmp['const_id']]['datatype'] = $datatype; + $const_arr[$tmp['const_id']]['comment'] = $comment; + + $var_com = $xml->createElement('variable_component'); + $var_com->setAttribute('var_ref', "oval:smc.gpea.windows:var:" . $tmp['const_id']); + + $loc_var = $xml->createElement('local_variable'); + $loc_var->setAttribute('id', "oval:mil.disa.fso.windows:var:" . $id); + $loc_var->setAttribute('version', $ver); + $loc_var->setAttribute('datatype', $datatype); + $loc_var->setAttribute('comment', $comment); + $loc_var->appendChild($var_com); + + $variables->replaceChild($loc_var, $node); + } + + foreach ($const_arr as $key => $value) { + $const_var = $xml->createElement('constant_variable'); + $const_var->setAttribute('id', 'oval:smc.gpea.windows:var:' . 
$key);
+ $const_var->setAttribute('version', $const_arr[$key]['ver']);
+ $const_var->setAttribute('datatype', $const_arr[$key]['datatype']);
+ $const_var->setAttribute('comment', $const_arr[$key]['comment']);
+
+ foreach ($value['values'] as $val) {
+ $txt = $xml->createTextNode($val);
+ $val_var = $xml->createElement("value");
+ $val_var->appendChild($txt);
+
+ $const_var->appendChild($val_var);
+ }
+
+ $variables->appendChild($const_var);
+ }
+
+ rename($file, "oval\\$file");
+ return $xml->saveXML();
+ }
+ }
+
+ private function getElementById($doc, $id)
+ {
+ $xpath = new DOMXPath($doc);
+ return $xpath->query("//*[@id='$id']")->item(0);
+ }
 }
diff --git a/db_schema.json b/db_schema.json
index f87b9f5..63119fe 100644
--- a/db_schema.json
+++ b/db_schema.json
@@ -1,6469 +1,6215 @@ { - "tables" : [ - { - "schema" : "sagacity", - "name" : "settings", - "primary_key" : [ - "id" - ], - "unique" : [ - "meta_key" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "meta_key", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "meta_value", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "db_data", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "sw_man_match", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : false, - "default" : "" - }, - { - "name" : "man", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "ms-os", - "nix-os", - "net-os", - "ms", - "nix", - "checklist", - "multiple" - ], - "ai" : false, - "nn" : true, - "default" : "multiple" - }, - { - "name" : "rgx", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "sw_name_match", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : false, - "default" : "" - }, - { - "name" : "man_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - 
"ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "man_override", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "ms-os", - "nix-os", - "net-os", - "ms", - "nix", - "checklist", - "multiple" - ], - "ai" : false, - "nn" : true, - "default" : "multiple" - }, - { - "name" : "rgx", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name_match", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ver_match", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ver", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "update_match", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "is_os", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "multiple", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "constraints" : [ - { - "id" : "swnm_swmm_id", - "local" : "man_id", - "schema" : "sagacity", - "table" : "sw_man_match", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : 
"catalog_scripts", - "primary_key" : [ - "file_name" - ], - "fields" : [ - { - "name" : "file_name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pid", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "start_time", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "last_update", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "status", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "IN QUEUE", - "RUNNING", - "COMPLETE", - "ERROR", - "SKIPPED" - ], - "ai" : false, - "nn" : true, - "default" : "IN QUEUE" - }, - { - "name" : "perc_comp", - "dataType" : "decimal(5,2)", - "type" : 0, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "stig_count", - "dataType" : "int(4)", - "type" : 3, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "index" : [ - { - "id" : "catalog_file_name_idx", - "type" : "index", - "ref" : "file_name" - } - ] - }, - { - "schema" : "rmf", - "name" : "family", - "primary_key" : [ - "abbr" - ], - "fields" : [ - { - "name" : "abbr", - "dataType" : "varchar(4)", - "type" : 253, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "rmf", - "name" : "controls", - "primary_key" : [ - "family_id", - "control_id" - ], - "fields" : [ - { - "name" : "family_id", - "dataType" : "varchar(4)", - "type" : 253, - 
"length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "pri", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "statement", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "guidance", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "rmf_family_family_id", - "local" : "family_id", - "schema" : "rmf", - "table" : "family", - "field" : "abbr", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_controls_control_id_idx", - "type" : "index", - "ref" : "control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "related_controls", - "primary_key" : [ - "control_id", - "related_control_id" - ], - "fields" : [ - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "related_control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "rmf_related_controls_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - }, - { - "id" : "rmf_related_controls_related_id", - "local" : "related_control_id", - "schema" : "rmf", - "table" : 
"controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_related_controls_related_id_idx", - "type" : "index", - "ref" : "related_control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "control_baseline", - "primary_key" : [ - "impact_level", - "control_id" - ], - "fields" : [ - { - "name" : "impact_level", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "low", - "moderate", - "high" - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "rmf_control_baseline_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_control_baseline_control_id_idx", - "type" : "index", - "ref" : "control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "control_enh", - "primary_key" : [ - "control_id", - "enh_id" - ], - "fields" : [ - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "enh_id", - "dataType" : "varchar(4)", - "type" : 253, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "desc", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "guidance", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : 
"rmf_control_enh_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_control_enh_enh_id_idx", - "type" : "index", - "ref" : "enh_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "enhancement_baseline", - "primary_key" : [ - "impact", - "control_id", - "enh_id" - ], - "fields" : [ - { - "name" : "impact", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "low", - "moderate", - "high" - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "enh_id", - "dataType" : "varchar(4)", - "type" : 253, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "rmf_enh_baseline_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - }, - { - "id" : "rmf_eny_baseline_enh_id", - "local" : "enh_id", - "schema" : "rmf", - "table" : "control_enh", - "field" : "enh_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_enh_baseline_enh_id_idx", - "type" : "index", - "ref" : "enh_id" - }, - { - "id" : "rmf_enh_baseline_control_id_idx", - "type" : "index", - "ref" : "control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "cci", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "enh_id", - "dataType" : "varchar(4)", - "type" : 253, - 
"length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "def", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "guidance", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "procedures", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "fk_cci_controls1", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - }, - { - "id" : "fk_cci_control_enh1", - "local" : "enh_id", - "schema" : "rmf", - "table" : "control_enh", - "field" : "enh_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "fk_cci_controls1_idx", - "type" : "index", - "ref" : "control_id" - }, - { - "id" : "fk_cci_control_enh1_idx", - "type" : "index", - "ref" : "enh_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "emass_cci", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control", - "dataType" : "varchar(25)", - "type" : 253, - "length" : 25, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "help", - "primary_key" : [ - "section" - ], - "fields" : [ - { - "name" : "section", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "topic", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - 
"dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "content", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "index" : [ - { - "id" : "section_id", - "type" : "index", - "ref" : "section" - } - ] - }, - { - "schema" : "sagacity", - "name" : "pdi_catalog", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cat", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "1", - "2", - "3" - ], - "ai" : false, - "nn" : true, - "default" : "2" - }, - { - "name" : "update", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "short_title", - "dataType" : "varchar(1024)", - "type" : 253, - "length" : 1024, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "check_contents", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "sites", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "address", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "city", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - 
"values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "state", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "zip", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "country", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "US" - }, - { - "name" : "poc_name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "poc_email", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "poc_phone", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "system", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "abbr", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "mac", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "1", - "2", - "3" - ], - "ai" : false, - "nn" : true, - "default" : "3" - }, - { - "name" : "classification", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "Unclass", - "FOUO", - "C", - "S", - "TS", - "SCI", - "Public", - "Classified", - "Sensitive" - ], - 
"ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "acred_type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "diacap", - "rmf", - "pci", - "nispom", - "hipaa", - "sox", - "cobit" - ], - "ai" : false, - "nn" : false, - "default" : "diacap" - }, - { - "name" : "mitigations", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "description", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "executive_summary", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "diagram", - "dataType" : "mediumblob", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "software", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cpe", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "cpe23", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "sw_string", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "short_sw_string", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "sources", - "primary_key" : [ - "id" - ], - 
"fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "icon", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "false_positives", - "primary_key" : [ - "pdi_id", - "src_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "src_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "fp_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "fp_src_id", - "local" : "src_id", - "schema" : "sagacity", - "table" : "sources", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "exceptions", - "primary_key" : [ - "pdi_id", - "sys_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sys_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - 
"default" : null - } - ], - "constraints" : [ - { - "id" : "exp_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "exp_sys_id", - "local" : "sys_id", - "schema" : "sagacity", - "table" : "system", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "task_status", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "status", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "category", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "findings_status", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "status", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ports_proto_services", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "port", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - 
"ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "proto", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "tcp", - "udp", - "dccp", - "sctp" - ], - "ai" : false, - "nn" : true, - "default" : "tcp" - }, - { - "name" : "IANA_Name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "description", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "banner", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "proc_ia_controls", - "primary_key" : [ - "control_id" - ], - "fields" : [ - { - "name" : "control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "subject_area", - "dataType" : "varchar(50)", - "type" : 253, - "length" : 50, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "description", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "threat_vul_cm", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "gen_imp_guide", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : 
false, - "nn" : false, - "default" : null - }, - { - "name" : "impact", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "low", - "medium", - "high" - ], - "ai" : false, - "nn" : false, - "default" : "medium" - } - ] - }, - { - "schema" : "sagacity", - "name" : "proc_ia_sub_controls", - "primary_key" : [ - "sub_control_id" - ], - "fields" : [ - { - "name" : "sub_control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "parent_control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "objective", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "prep", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "script", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "exp_result", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "parent_cont_id", - "local" : "parent_control_id", - "schema" : "sagacity", - "table" : "proc_ia_controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "parent_cont_id_idx", - "type" : "index", - "ref" : "parent_control_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "proc_level_type", - "primary_key" : [ - "proc_control_id", - "type", - "level", - "class" - ], - "fields" : 
[ - { - "name" : "proc_control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "diacap", - "rmf" - ], - "ai" : false, - "nn" : true, - "default" : "diacap" - }, - { - "name" : "level", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : null - }, - { - "name" : "class", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "cl", - "pub", - "sen", - "u", - "fouo", - "s", - "ts", - "sci" - ], - "ai" : false, - "nn" : true, - "default" : null - } - ], - "constraints" : [ - { - "id" : "proc_control_id", - "local" : "proc_control_id", - "schema" : "sagacity", - "table" : "proc_ia_controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "checklist", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "checklist_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "description", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "date", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "file_name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - 
"default" : null - }, - { - "name" : "ver", - "dataType" : "tinyint(3)", - "type" : 1, - "length" : 3, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "release", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "benchmark", - "manual", - "policy", - "iavm" - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "icon", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "checklist_software_lookup", - "primary_key" : [ - "chk_id", - "sw_id" - ], - "fields" : [ - { - "name" : "chk_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sw_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "chk_sw_lu_chk_id", - "local" : "chk_id", - "schema" : "sagacity", - "table" : "checklist", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "chk_sw_lu_sw_id", - "local" : "sw_id", - "schema" : "sagacity", - "table" : "software", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "chk_sw_lu_chk_id_idx", - "type" : "index", - "ref" : "chk_id" - }, - { - "id" : "chk_sw_lu_sw_id_idx", - "type" : "index", - "ref" : "sw_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "pdi_checklist_lookup", - "primary_key" : [ - "pdi_id", - "checklist_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : 
"checklist_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "group_title", - "dataType" : "varchar(2048)", - "type" : 253, - "length" : 2048, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "short_title", - "dataType" : "varchar(1024)", - "type" : 253, - "length" : 1024, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "check_contents", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "fix_text", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "tweak_data", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "pdi_chk_chk_id", - "local" : "checklist_id", - "schema" : "sagacity", - "table" : "checklist", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "pdi_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "pdi_chk_chk_id_idx", - "type" : "index", - "ref" : "checklist_id" - }, - { - "id" : "pdi_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "advisories", - "primary_key" : [ - "advisory_id", - "pdi_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "advisory_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : 
"title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "impact", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "referece", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ad_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ad_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cce", - "primary_key" : [ - "pdi_id", - "cce_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cce_id", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "cce_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cce_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cci", - "primary_key" : [ - "cci_id" - ], - "fields" : [ - { - "name" : "cci_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : 
[ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "policy", - "technical" - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "definition", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "param", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "note", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "index" : [ - { - "id" : "cci_id_idx", - "type" : "index", - "ref" : "cci_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cci_refs", - "primary_key" : [ - "cci_id", - "title" - ], - "fields" : [ - { - "name" : "cci_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : null - }, - { - "name" : "ver", - "dataType" : "tinyint(2)", - "type" : 1, - "length" : 2, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "index", - "dataType" : "varchar(40)", - "type" : 253, - "length" : 40, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cci_refs_cci_id", - "local" : "cci_id", - "schema" : "sagacity", - "table" : "cci", - "field" : "cci_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cci_refs_cci_id_idx", - 
"type" : "index", - "ref" : "cci_id" - }, - { - "id" : "cci_refs_title_idx", - "type" : "index", - "ref" : "title" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_db", - "primary_key" : [ - "cve_id" - ], - "fields" : [ - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "seq", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "status", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "phase", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "phase_date", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "desc", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "cvss", - "dataType" : "decimal(4,2)", - "type" : 0, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "index" : [ - { - "id" : "cve_idx", - "type" : "index", - "ref" : "cve_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_references", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cve_seq", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "source", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : 
false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "val", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cve_cve_ref_id", - "local" : "cve_seq", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cve_ref_idx", - "type" : "index", - "ref" : "cve_seq" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve", - "primary_key" : [ - "pdi_id", - "cve_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "cve_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "cve_cve_id", - "local" : "cve_id", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_web", - "primary_key" : ["cve_id"], - "fields" : [ - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "xml", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cve_web_cve_id", - "local" : "cve_id", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", 
- "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "golddisk", - "primary_key" : [ - "pdi_id", - "vms_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "vms_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "short_title", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "gd_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "gd_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ia_controls", - "primary_key" : [ - "pdi_id", - "type", - "type_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type_id", - "dataType" : "varchar(8)", - "type" : 253, - "length" : 8, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "ia_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ia_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_notices", - "primary_key" : [ - "noticeId" - ], - "fields" : [ - { - "name" : "noticeId", - "dataType" : "int(11)", - "type" : 3, - 
"length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "xmlUrl", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "htmlUrl", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "iavmNoticeNumber", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "state", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "lastUpdated", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "releaseDate", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "supersedes", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "executiveSummary", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" 
: [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "fixAction", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "note", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "vulnAppsSysAndCntrmsrs", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "stigFindingSeverity", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "knownExploits", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "iavm_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "iavm_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_bids", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "bid", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "bids_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : 
"bids_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_mitigations", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "header", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "body", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "mit_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "mit_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_patches", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" 
: false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "patches_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "patches_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_references", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ref_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ref_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_tech_overview", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "details", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - 
"constraints" : [ - { - "id" : "iavm_ovw_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "iavm_ovw_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_to_cve", - "primary_key" : [ - "noticeId", - "cve_id" - ], - "fields" : [ - { - "name" : "noticeId", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cve_id", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "cve_lookup_id", - "local" : "cve_id", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", - "update" : null, - "delete" : null - }, - { - "id" : "iavm_lookup_id", - "local" : "noticeId", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cve_lookup_id_idx", - "type" : "index", - "ref" : "cve_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "nessus_plugins", - "primary_key" : [ - "plugin_id" - ], - "fields" : [ - { - "name" : "plugin_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "oid", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "copyright", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : 
"version", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_date", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "nessus_meta", - "primary_key" : [ - "meta_id" - ], - "fields" : [ - { - "name" : "meta_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "plugin_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "val", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "nessus_plugin_id", - "local" : "plugin_id", - "schema" : "sagacity", - "table" : "nessus_plugins", - "field" : "plugin_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "nessus_plugin_id_idx", - "type" : "index", - "ref" : "plugin_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "nessus", - "primary_key" : [ - "pdi_id", - "nessus_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "nessus_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - 
"id" : "nessus_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "nessus_n_id", - "local" : "nessus_id", - "schema" : "sagacity", - "table" : "nessus_plugins", - "field" : "plugin_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "nessus_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - }, - { - "id" : "nessus_n_id_idx", - "type" : "index", - "ref" : "nessus_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ov_convert", - "primary_key" : [ - "pdi_id", - "const_id", - "value" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "const_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "value", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "ov_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ov_con_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "oval", - "primary_key" : [ - "pdi_id", - "oval_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "oval_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null 
- }, - { - "name" : "desc", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "platform", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ext_def", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ext_def_op", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "oval_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "oval_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "oval_ref", - "primary_key" : [ - "oval_id", - "source" - ], - "fields" : [ - { - "name" : "oval_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "source", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ref_id", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "stigs", - "primary_key" : [ - "pdi_id", - "stig_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : 
"" - }, - { - "name" : "stig_id", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "description", - "dataType" : "varchar(1000)", - "type" : 253, - "length" : 1000, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "tweak_data", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "stigs_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "stigs_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "sv_rule", - "primary_key" : [ - "pdi_id", - "sv_rule" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sv_rule", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "sv_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "sv_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "people", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "org", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(60)", - "type" : 253, - 
"length" : 60, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "phone", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "system_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "site_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "eval_start", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "eval_end", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "multiple", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "primary", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "scope", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ao", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "assumptions", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "constraints", - 
"dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "recommendations", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "residual_risk", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "risk_status", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "very low", - "low", - "medium", - "high", - "very high" - ], - "ai" : false, - "nn" : false, - "default" : "medium" - }, - { - "name" : "deviations", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "conclusion", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ste_sys_id", - "local" : "system_id", - "schema" : "sagacity", - "table" : "system", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "ste_site_id", - "local" : "site_id", - "schema" : "sagacity", - "table" : "sites", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ste_sys_id_idx", - "type" : "index", - "ref" : "system_id" - }, - { - "id" : "ste_site_id_idx", - "type" : "index", - "ref" : "site_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste_team", - "primary_key" : [ - "people_id", - "ste_id" - ], - "fields" : [ - { - "name" : "people_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - 
}, - { - "name" : "pos", - "dataType" : "varchar(60)", - "type" : 253, - "length" : 60, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ste_team_people_id", - "local" : "people_id", - "schema" : "sagacity", - "table" : "people", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "ste_team_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste_cat", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "analysts", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ste_cat_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ste_cat_ste_id_idx", - "type" : "index", - "ref" : "ste_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste_cat_sources", - "primary_key" : [ - "cat_id", - "src_id" - ], - "fields" : [ - { - "name" : "cat_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "src_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - 
"id" : "ste_cat_cat_id", - "local" : "cat_id", - "schema" : "sagacity", - "table" : "ste_cat", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "ste_cat_src_id", - "local" : "src_id", - "schema" : "sagacity", - "table" : "sources", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "interview_questions", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cat", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "key", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "question", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "category_interview", - "primary_key" : [ - "cat_id", - "ques_id" - ], - "fields" : [ - { - "name" : "cat_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ques_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "answer", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cat_int_cat_id", - "local" : "cat_id", - "schema" : "sagacity", - "table" : "ste_cat", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "cat_int_ques_id", - "local" : "ques_id", - "schema" : "sagacity", - "table" : "interview_questions", - "field" : "id", - "update" : null, 
- "delete" : null - } - ], - "index" : [ - { - "id" : "cat_int_ques_id_idx", - "type" : "index", - "ref" : "ques_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "scans", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "src_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pid", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "itr", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "file_name", - "dataType" : "varchar(150)", - "type" : 253, - "length" : 150, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_date", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "start_time", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "last_update", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "status", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "IN QUEUE", - "RUNNING", - "COMPLETE", - "ERROR", - "TERMINATED" - ], - "ai" : false, - "nn" : true, - "default" : "IN QUEUE" - }, - { - "name" : "perc_comp", - "dataType" : "decimal(5,2)", - "type" : 0, - "length" : null, - "values" : [ - ], - "ai" : 
false, - "nn" : false, - "default" : null - }, - { - "name" : "last_host", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "hosts_comp", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "host_count", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "location", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "scan_src_id", - "local" : "src_id", - "schema" : "sagacity", - "table" : "sources", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "scan_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "scan_src_id_idx", - "type" : "index", - "ref" : "src_id" - }, - { - "id" : "scan_ste_id_idx", - "type" : "index", - "ref" : "ste_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "target", - "primary_key" : [ - "ste_id", - "name" - ], - "unique" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "cat_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "os_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - 
"dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "auto_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "man_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "data_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "fp_cat1_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "location", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "source", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "cat_1", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "cat_2", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "cat_3", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "closed", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "not_applicable", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" 
: [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "not_reviewed", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : 0 - }, - { - "name" : "compliance", - "dataType" : "tinyint(3)", - "type" : 1, - "length" : 3, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "assessed", - "dataType" : "tinyint(3)", - "type" : 1, - "length" : 3, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "notes", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "missing_patches", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "os_string", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "pp_flag", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "1" - }, - { - "name" : "pp_off", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "class", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "U", - "FOUO", - "S" - ], - "ai" : false, - "nn" : false, - "default" : "U" - } - ], - "constraints" : [ - { - "id" : "t_cat_id", - "local" : "cat_id", - "schema" : "sagacity", - "table" : "ste_cat", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_os_id", - "local" : "os_id", - "schema" : "sagacity", - "table" : "software", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - 
"update" : null, - "delete" : null - }, - { - "id" : "t_auto_id", - "local" : "auto_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_man_id", - "local" : "man_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_data_id", - "local" : "data_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_fp_cat1_id", - "local" : "fp_cat1_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "t_id_idx", - "type" : "index", - "ref" : "id" - }, - { - "id" : "t_name_idx", - "type" : "index", - "ref" : "name" - }, - { - "id" : "t_cat_id_idx", - "type" : "index", - "ref" : "cat_id" - }, - { - "id" : "t_os_id_idx", - "type" : "index", - "ref" : "os_id" - }, - { - "id" : "t_ste_id_idx", - "type" : "index", - "ref" : "ste_id" - }, - { - "id" : "t_auto_id_idx", - "type" : "index", - "ref" : "auto_status_id" - }, - { - "id" : "t_man_id_idx", - "type" : "index", - "ref" : "man_status_id" - }, - { - "id" : "t_data_status_id_idx", - "type" : "index", - "ref" : "data_status_id" - }, - { - "id" : "t_fp_cat1_id_idx", - "type" : "index", - "ref" : "fp_cat1_status_id" - } - ], - "triggers" : [ - "DROP TRIGGER IF EXISTS `sagacity`.`target_BEFORE_INSERT`", - "CREATE DEFINER=`web`@`{host}` TRIGGER `sagacity`.`target_BEFORE_INSERT` BEFORE INSERT ON `target` FOR EACH ROW", - "BEGIN", - "SELECT MAX(`id`) INTO @newid", - "FROM `sagacity`.`target`;", - "SET NEW.`id` = COALESCE(@newid + 1, 1);", - "END" - ] - }, - { - "schema" : "sagacity", - "name" : "target_net_meta", - "primary_key" : [ - "tgt_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : 
true, - "default" : "" - }, - { - "name" : "netstat_connections", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "shares", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "routes", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "firewall_config", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "tnm_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_user_meta", - "primary_key" : [ - "tgt_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "login", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "user_list", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "last_login", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "disabled_accts", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "stag_pwds", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : 
null - }, - { - "name" : "never_logged_in", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "pwd_never_expires", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "tum_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_sys_meta", - "primary_key" : [ - "tgt_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "mounted", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "process_list", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "autorun", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "services", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "last_boot", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "remote_registry", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "copyrighted", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - 
"name" : "is_vm", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "system", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "bios", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "wmi_listening_pid", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "constraints" : [ - { - "id" : "tsm_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "interfaces", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ipv4", - "dataType" : "varchar(150)", - "type" : 253, - "length" : 150, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ipv6", - "dataType" : "varchar(400)", - "type" : 253, - "length" : 400, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "hostname", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "mac", - "dataType" : "varchar(40)", - "type" : 253, - "length" : 40, - "values" : [ - 
], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "fqdn", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "description", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "dns", - "dataType" : "varchar(60)", - "type" : 253, - "length" : 60, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "int_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_checklist", - "primary_key" : [ - "tgt_id", - "chk_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "chk_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "class", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "U", - "FOUO", - "S", - "TS", - "SCI" - ], - "ai" : false, - "nn" : false, - "default" : "U" - } - ], - "constraints" : [ - { - "id" : "chk_tgt_chk_id", - "local" : "chk_id", - "schema" : "sagacity", - "table" : "checklist", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "tgt_tgt_chk_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_software", - "primary_key" : [ - "tgt_id", - "sft_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - 
}, - { - "name" : "sft_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sw_string", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "sft_tgt_sft_id", - "local" : "sft_id", - "schema" : "sagacity", - "table" : "software", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "tgt_tgt_sft_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "host_list", - "primary_key" : [ - "scan_id", - "tgt_id" - ], - "fields" : [ - { - "name" : "scan_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "finding_count", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "scanner_error", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : "", - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "host_scan_id", - "local" : "scan_id", - "schema" : "sagacity", - "table" : "scans", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "host_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "pps_list", - 
"primary_key" : [ - "int_id", - "pps_id" - ], - "fields" : [ - { - "name" : "int_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pps_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "banner", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "listening", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "constraints" : [ - { - "id" : "pps_int_id", - "local" : "int_id", - "schema" : "sagacity", - "table" : "interfaces", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "pps_pps_id", - "local" : "pps_id", - "schema" : "sagacity", - "table" : "ports_proto_services", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "findings", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "scan_id", - "dataType" : "int(11)", - "type" : 
3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "findings_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cat", - "dataType" : "int(1)", - "type" : 3, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "change_id", - "dataType" : "tinyint(2)", - "type" : 1, - "length" : 2, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "orig_src", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "finding_itr", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "1" - } - ], - "constraints" : [ - { - "id" : "find_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "find_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "find_scan_id", - "local" : "scan_id", - "schema" : "sagacity", - "table" : "scans", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "find_status_id", - "local" : "findings_status_id", - "schema" : "sagacity", - "table" : "findings_status", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "finding_controls", - "primary_key" : [ - "finding_id", - "ia_control" - ], - "fields" : [ - { - "name" : "finding_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : 
false, - "nn" : true, - "default" : "" - }, - { - "name" : "ia_control", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "find_ctrl_id", - "local" : "finding_id", - "schema" : "sagacity", - "table" : "findings", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "search_filters", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "target", - "scan", - "finding", - "reference" - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "criteria", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_sw_lookup", - "primary_key" : [ - "cve_id", - "sw_id" - ], - "fields" : [ - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sw_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - } - ] + "tables": [ + { + "schema": "sagacity", + "name": "settings", + "primary_key": [ + "id" + ], + "unique": [ + "meta_key" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "meta_key", + "dataType": "varchar(100)", + "type": 253, + "length": 
100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "meta_value", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "db_data", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "sw_man_match", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": false, + "default": "" + }, + { + "name": "man", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "ms-os", + "nix-os", + "net-os", + "ms", + "nix", + "checklist", + "multiple" + ], + "ai": false, + "nn": true, + "default": "multiple" + }, + { + "name": "rgx", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "sw_name_match", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": false, + "default": "" + }, + { + "name": "man_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "man_override", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "ms-os", + "nix-os", + "net-os", + "ms", + "nix", + 
"checklist", + "multiple" + ], + "ai": false, + "nn": true, + "default": "multiple" + }, + { + "name": "rgx", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name_match", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ver_match", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ver", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "update_match", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "is_os", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "multiple", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + } + ], + "constraints": [ + { + "id": "swnm_swmm_id", + "local": "man_id", + "schema": "sagacity", + "table": "sw_man_match", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "catalog_scripts", + "primary_key": [ + "file_name" + ], + "fields": [ + { + "name": "file_name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pid", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "start_time", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "last_update", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + 
"ai": false, + "nn": false, + "default": "" + }, + { + "name": "status", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "IN QUEUE", + "RUNNING", + "COMPLETE", + "ERROR", + "SKIPPED" + ], + "ai": false, + "nn": true, + "default": "IN QUEUE" + }, + { + "name": "perc_comp", + "dataType": "decimal(5,2)", + "type": 0, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "stig_count", + "dataType": "int(4)", + "type": 3, + "length": 4, + "values": [], + "ai": false, + "nn": false, + "default": "0" + } + ], + "index": [ + { + "id": "catalog_file_name_idx", + "type": "index", + "ref": "file_name" + } + ] + }, + { + "schema": "rmf", + "name": "family", + "primary_key": [ + "abbr" + ], + "fields": [ + { + "name": "abbr", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "rmf", + "name": "controls", + "primary_key": [ + "family_id", + "control_id" + ], + "fields": [ + { + "name": "family_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "pri", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "statement", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "guidance", + "dataType": "text", + "type": 252, + 
"length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "rmf_family_family_id", + "local": "family_id", + "schema": "rmf", + "table": "family", + "field": "abbr", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_controls_control_id_idx", + "type": "index", + "ref": "control_id" + } + ] + }, + { + "schema": "rmf", + "name": "related_controls", + "primary_key": [ + "control_id", + "related_control_id" + ], + "fields": [ + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "related_control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "rmf_related_controls_control_id", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + }, + { + "id": "rmf_related_controls_related_id", + "local": "related_control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_related_controls_related_id_idx", + "type": "index", + "ref": "related_control_id" + } + ] + }, + { + "schema": "rmf", + "name": "control_baseline", + "primary_key": [ + "impact_level", + "control_id" + ], + "fields": [ + { + "name": "impact_level", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "low", + "moderate", + "high" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "rmf_control_baseline_control_id", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": 
null + } + ], + "index": [ + { + "id": "rmf_control_baseline_control_id_idx", + "type": "index", + "ref": "control_id" + } + ] + }, + { + "schema": "rmf", + "name": "control_enh", + "primary_key": [ + "control_id", + "enh_id" + ], + "fields": [ + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "enh_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "desc", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "guidance", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "rmf_control_enh_control_id", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_control_enh_enh_id_idx", + "type": "index", + "ref": "enh_id" + } + ] + }, + { + "schema": "rmf", + "name": "enhancement_baseline", + "primary_key": [ + "impact", + "control_id", + "enh_id" + ], + "fields": [ + { + "name": "impact", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "low", + "moderate", + "high" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "enh_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "rmf_enh_baseline_control_id", + "local": 
"control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + }, + { + "id": "rmf_eny_baseline_enh_id", + "local": "enh_id", + "schema": "rmf", + "table": "control_enh", + "field": "enh_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_enh_baseline_enh_id_idx", + "type": "index", + "ref": "enh_id" + }, + { + "id": "rmf_enh_baseline_control_id_idx", + "type": "index", + "ref": "control_id" + } + ] + }, + { + "schema": "rmf", + "name": "cci", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "enh_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "def", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "guidance", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "procedures", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "fk_cci_controls1", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + }, + { + "id": "fk_cci_control_enh1", + "local": "enh_id", + "schema": "rmf", + "table": "control_enh", + "field": "enh_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "fk_cci_controls1_idx", + "type": "index", + "ref": "control_id" + }, + { + "id": "fk_cci_control_enh1_idx", + "type": "index", + "ref": "enh_id" + } + ] + }, 
+ { + "schema": "rmf", + "name": "emass_cci", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control", + "dataType": "varchar(25)", + "type": 253, + "length": 25, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "help", + "primary_key": [ + "section" + ], + "fields": [ + { + "name": "section", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "topic", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "content", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "index": [ + { + "id": "section_id", + "type": "index", + "ref": "section" + } + ] + }, + { + "schema": "sagacity", + "name": "pdi_catalog", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cat", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "1", + "2", + "3" + ], + "ai": false, + "nn": true, + "default": "2" + }, + { + "name": "update", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "short_title", + "dataType": "varchar(1024)", + "type": 253, + "length": 1024, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "check_contents", + "dataType": "text", + "type": 252, + "length": null, + 
"values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "sites", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "address", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "city", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "state", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "zip", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "country", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": true, + "default": "US" + }, + { + "name": "poc_name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "poc_email", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "poc_phone", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "system", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + 
"ai": false, + "nn": true, + "default": "" + }, + { + "name": "abbr", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "mac", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "1", + "2", + "3" + ], + "ai": false, + "nn": true, + "default": "3" + }, + { + "name": "classification", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "Unclass", + "FOUO", + "C", + "S", + "TS", + "SCI", + "Public", + "Classified", + "Sensitive" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "acred_type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "diacap", + "rmf", + "pci", + "nispom", + "hipaa", + "sox", + "cobit" + ], + "ai": false, + "nn": false, + "default": "diacap" + }, + { + "name": "mitigations", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "description", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "executive_summary", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "diagram", + "dataType": "mediumblob", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "software", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cpe", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "cpe23", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + 
"nn": false, + "default": null + }, + { + "name": "sw_string", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "short_sw_string", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "sources", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "icon", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "false_positives", + "primary_key": [ + "pdi_id", + "src_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "src_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "fp_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "fp_src_id", + "local": "src_id", + "schema": "sagacity", + "table": "sources", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "exceptions", + "primary_key": [ + "pdi_id", + "sys_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + 
"ai": false, + "nn": true, + "default": "" + }, + { + "name": "sys_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "exp_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "exp_sys_id", + "local": "sys_id", + "schema": "sagacity", + "table": "system", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "task_status", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "status", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "category", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "findings_status", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "status", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "ports_proto_services", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": 
"int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "port", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "proto", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "tcp", + "udp", + "dccp", + "sctp" + ], + "ai": false, + "nn": true, + "default": "tcp" + }, + { + "name": "IANA_Name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "description", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "banner", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "notes", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "proc_ia_controls", + "primary_key": [ + "control_id" + ], + "fields": [ + { + "name": "control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "subject_area", + "dataType": "varchar(50)", + "type": 253, + "length": 50, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "description", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "threat_vul_cm", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "gen_imp_guide", + 
"dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "impact", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "low", + "medium", + "high" + ], + "ai": false, + "nn": false, + "default": "medium" + } + ] + }, + { + "schema": "sagacity", + "name": "proc_ia_sub_controls", + "primary_key": [ + "sub_control_id" + ], + "fields": [ + { + "name": "sub_control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "parent_control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "objective", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "prep", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "script", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "exp_result", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "parent_cont_id", + "local": "parent_control_id", + "schema": "sagacity", + "table": "proc_ia_controls", + "field": "control_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "parent_cont_id_idx", + "type": "index", + "ref": "parent_control_id" + } + ] + }, + { + "schema": "sagacity", + "name": "proc_level_type", + "primary_key": [ + "proc_control_id", + "type", + "level", + "class" + ], + "fields": [ + { + "name": 
"proc_control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "diacap", + "rmf" + ], + "ai": false, + "nn": true, + "default": "diacap" + }, + { + "name": "level", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": true, + "default": null + }, + { + "name": "class", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "cl", + "pub", + "sen", + "u", + "fouo", + "s", + "ts", + "sci" + ], + "ai": false, + "nn": true, + "default": null + } + ], + "constraints": [ + { + "id": "proc_control_id", + "local": "proc_control_id", + "schema": "sagacity", + "table": "proc_ia_controls", + "field": "control_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "checklist", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "checklist_id", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "description", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "date", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "file_name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ver", + "dataType": "tinyint(3)", + "type": 1, + "length": 3, + "values": [], + "ai": false, + "nn": 
false, + "default": null + }, + { + "name": "release", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "benchmark", + "manual", + "policy", + "iavm" + ], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "icon", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "checklist_software_lookup", + "primary_key": [ + "chk_id", + "sw_id" + ], + "fields": [ + { + "name": "chk_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sw_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "chk_sw_lu_chk_id", + "local": "chk_id", + "schema": "sagacity", + "table": "checklist", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "chk_sw_lu_sw_id", + "local": "sw_id", + "schema": "sagacity", + "table": "software", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "chk_sw_lu_chk_id_idx", + "type": "index", + "ref": "chk_id" + }, + { + "id": "chk_sw_lu_sw_id_idx", + "type": "index", + "ref": "sw_id" + } + ] + }, + { + "schema": "sagacity", + "name": "pdi_checklist_lookup", + "primary_key": [ + "pdi_id", + "checklist_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "checklist_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "group_title", + "dataType": "varchar(2048)", + "type": 253, + "length": 2048, + "values": [], 
+ "ai": false, + "nn": false, + "default": null + }, + { + "name": "short_title", + "dataType": "varchar(1024)", + "type": 253, + "length": 1024, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "check_contents", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "fix_text", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "tweak_data", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "pdi_chk_chk_id", + "local": "checklist_id", + "schema": "sagacity", + "table": "checklist", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "pdi_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "pdi_chk_chk_id_idx", + "type": "index", + "ref": "checklist_id" + }, + { + "id": "pdi_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "advisories", + "primary_key": [ + "advisory_id", + "pdi_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "advisory_id", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "impact", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "varchar(45)", + "type": 253, + 
"length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "referece", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ad_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ad_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cce", + "primary_key": [ + "pdi_id", + "cce_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cce_id", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "cce_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cce_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cci", + "primary_key": [ + "cci_id" + ], + "fields": [ + { + "name": "cci_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "policy", + "technical" + ], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "definition", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "param", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + 
"values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "note", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "index": [ + { + "id": "cci_id_idx", + "type": "index", + "ref": "cci_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cci_refs", + "primary_key": [ + "cci_id", + "title" + ], + "fields": [ + { + "name": "cci_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": null + }, + { + "name": "ver", + "dataType": "tinyint(2)", + "type": 1, + "length": 2, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "index", + "dataType": "varchar(40)", + "type": 253, + "length": 40, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cci_refs_cci_id", + "local": "cci_id", + "schema": "sagacity", + "table": "cci", + "field": "cci_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cci_refs_cci_id_idx", + "type": "index", + "ref": "cci_id" + }, + { + "id": "cci_refs_title_idx", + "type": "index", + "ref": "title" + } + ] + }, + { + "schema": "sagacity", + "name": "cve_db", + "primary_key": [ + "cve_id" + ], + "fields": [ + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "seq", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "status", + "dataType": "varchar(20)", + "type": 253, + "length": 
20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "phase", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "phase_date", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "desc", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "cvss", + "dataType": "decimal(4,2)", + "type": 0, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "index": [ + { + "id": "cve_idx", + "type": "index", + "ref": "cve_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cve_references", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cve_seq", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "source", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "val", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cve_cve_ref_id", + "local": "cve_seq", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cve_ref_idx", + "type": "index", + "ref": "cve_seq" + } + ] + }, + { + "schema": "sagacity", + "name": "cve", + "primary_key": [ + "pdi_id", + "cve_id" + ], + 
"fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "cve_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "cve_cve_id", + "local": "cve_id", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "cve_web", + "primary_key": [ + "cve_id" + ], + "fields": [ + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "xml", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cve_web_cve_id", + "local": "cve_id", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "golddisk", + "primary_key": [ + "pdi_id", + "vms_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "vms_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "short_title", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "gd_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": 
"gd_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "ia_controls", + "primary_key": [ + "pdi_id", + "type", + "type_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type_id", + "dataType": "varchar(8)", + "type": 253, + "length": 8, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "ia_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ia_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_notices", + "primary_key": [ + "noticeId" + ], + "fields": [ + { + "name": "noticeId", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "xmlUrl", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "htmlUrl", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "file_name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "iavmNoticeNumber", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + 
"length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "state", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "lastUpdated", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "releaseDate", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "supersedes", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "executiveSummary", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "fixAction", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "note", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "vulnAppsSysAndCntrmsrs", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "stigFindingSeverity", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "knownExploits", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "iavm_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": 
"iavm_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_bids", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "bid", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "bids_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "bids_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_mitigations", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "header", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "body", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "mit_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "mit_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_patches", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": 
"id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "patches_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "patches_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_references", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ref_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ref_iavm_id_idx", + "type": "index", 
+ "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_tech_overview", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "details", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "iavm_ovw_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "iavm_ovw_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_to_cve", + "primary_key": [ + "noticeId", + "cve_id" + ], + "fields": [ + { + "name": "noticeId", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cve_id", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "cve_lookup_id", + "local": "cve_id", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + }, + { + "id": "iavm_lookup_id", + "local": "noticeId", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cve_lookup_id_idx", + "type": "index", + "ref": "cve_id" + } + ] + }, + { + "schema": "sagacity", + "name": "nessus_plugins", + "primary_key": [ + "plugin_id" + ], + "fields": [ + { + "name": "plugin_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": 
""
+ },
+ {
+ "name": "oid",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "name",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "copyright",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "version",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "file_name",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "file_date",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "nessus_meta",
+ "primary_key": [
+ "meta_id"
+ ],
+ "fields": [
+ {
+ "name": "meta_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "plugin_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "type",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "val",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ }
+ ],
+ "constraints": [
+ {
+ "id": "nessus_plugin_id",
+ "local": "plugin_id",
+ "schema": "sagacity",
+ "table": "nessus_plugins",
+ "field": "plugin_id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "nessus_plugin_id_idx",
+ "type": "index",
+ "ref": "plugin_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "nessus",
+ "primary_key": [
+ "pdi_id",
+ "nessus_id"
+ ],
+ "fields": [
+ {
+ "name": "pdi_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "nessus_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ }
+ ],
+ "constraints": [
+ {
+ "id": "nessus_pdi_id",
+ "local": "pdi_id",
+ "schema": "sagacity",
+ "table": "pdi_catalog",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "nessus_n_id",
+ "local": "nessus_id",
+ "schema": "sagacity",
+ "table": "nessus_plugins",
+ "field": "plugin_id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "nessus_pdi_id_idx",
+ "type": "index",
+ "ref": "pdi_id"
+ },
+ {
+ "id": "nessus_n_id_idx",
+ "type": "index",
+ "ref": "nessus_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "ov_convert",
+ "primary_key": [
+ "pdi_id",
+ "const_id",
+ "value"
+ ],
+ "fields": [
+ {
+ "name": "pdi_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "const_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "value",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ }
+ ],
+ "constraints": [
+ {
+ "id": "ov_pdi_id",
+ "local": "pdi_id",
+ "schema": "sagacity",
+ "table": "pdi_catalog",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "ov_con_pdi_id_idx",
+ "type": "index",
+ "ref": "pdi_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "oval",
+ "primary_key": [
+ "pdi_id",
+ "oval_id"
+ ],
+ "fields": [
+ {
+ "name": "pdi_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "oval_id",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "title",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "desc",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "platform",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "ext_def",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "ext_def_op",
+ "dataType": "varchar(10)",
+ "type": 253,
+ "length": 10,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "oval_pdi_id",
+ "local": "pdi_id",
+ "schema": "sagacity",
+ "table": "pdi_catalog",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "oval_pdi_id_idx",
+ "type": "index",
+ "ref": "pdi_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "oval_ref",
+ "primary_key": [
+ "oval_id",
+ "source"
+ ],
+ "fields": [
+ {
+ "name": "oval_id",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "source",
+ "dataType": "varchar(20)",
+ "type": 253,
+ "length": 20,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "url",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "ref_id",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "stigs",
+ "primary_key": [
+ "pdi_id",
+ "stig_id"
+ ],
+ "fields": [
+ {
+ "name": "pdi_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "stig_id",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "description",
+ "dataType": "varchar(1000)",
+ "type": 253,
+ "length": 1000,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "tweak_data",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "stigs_pdi_id",
+ "local": "pdi_id",
+ "schema": "sagacity",
+ "table": "pdi_catalog",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "stigs_pdi_id_idx",
+ "type": "index",
+ "ref": "pdi_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "sv_rule",
+ "primary_key": [
+ "pdi_id",
+ "sv_rule"
+ ],
+ "fields": [
+ {
+ "name": "pdi_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "sv_rule",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ }
+ ],
+ "constraints": [
+ {
+ "id": "sv_pdi_id",
+ "local": "pdi_id",
+ "schema": "sagacity",
+ "table": "pdi_catalog",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "sv_pdi_id_idx",
+ "type": "index",
+ "ref": "pdi_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "people",
+ "primary_key": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "org",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "name",
+ "dataType": "varchar(60)",
+ "type": 253,
+ "length": 60,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "phone",
+ "dataType": "varchar(15)",
+ "type": 253,
+ "length": 15,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "ste",
+ "primary_key": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "system_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "site_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "eval_start",
+ "dataType": "datetime",
+ "type": 12,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "eval_end",
+ "dataType": "datetime",
+ "type": 12,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "multiple",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "primary",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "scope",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "ao",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "assumptions",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "constraints",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "recommendations",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "residual_risk",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "risk_status",
+ "dataType": "enum",
+ "type": 247,
+ "length": null,
+ "values": [
+ "very low",
+ "low",
+ "medium",
+ "high",
+ "very high"
+ ],
+ "ai": false,
+ "nn": false,
+ "default": "medium"
+ },
+ {
+ "name": "deviations",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "conclusion",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "ste_sys_id",
+ "local": "system_id",
+ "schema": "sagacity",
+ "table": "system",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "ste_site_id",
+ "local": "site_id",
+ "schema": "sagacity",
+ "table": "sites",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "ste_sys_id_idx",
+ "type": "index",
+ "ref": "system_id"
+ },
+ {
+ "id": "ste_site_id_idx",
+ "type": "index",
+ "ref": "site_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "ste_team",
+ "primary_key": [
+ "people_id",
+ "ste_id"
+ ],
+ "fields": [
+ {
+ "name": "people_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "ste_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "pos",
+ "dataType": "varchar(60)",
+ "type": 253,
+ "length": 60,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "ste_team_people_id",
+ "local": "people_id",
+ "schema": "sagacity",
+ "table": "people",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "ste_team_ste_id",
+ "local": "ste_id",
+ "schema": "sagacity",
+ "table": "ste",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "ste_cat",
+ "primary_key": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "ste_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "name",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "analysts",
+ "dataType": "varchar(20)",
+ "type": 253,
+ "length": 20,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "ste_cat_ste_id",
+ "local": "ste_id",
+ "schema": "sagacity",
+ "table": "ste",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "ste_cat_ste_id_idx",
+ "type": "index",
+ "ref": "ste_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "ste_cat_sources",
+ "primary_key": [
+ "cat_id",
+ "src_id"
+ ],
+ "fields": [
+ {
+ "name": "cat_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "src_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ }
+ ],
+ "constraints": [
+ {
+ "id": "ste_cat_cat_id",
+ "local": "cat_id",
+ "schema": "sagacity",
+ "table": "ste_cat",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "ste_cat_src_id",
+ "local": "src_id",
+ "schema": "sagacity",
+ "table": "sources",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "interview_questions",
+ "primary_key": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "cat",
+ "dataType": "varchar(64)",
+ "type": 253,
+ "length": 64,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "key",
+ "dataType": "varchar(20)",
+ "type": 253,
+ "length": 20,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "question",
+ "dataType": "text",
+ "type": 252,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "category_interview",
+ "primary_key": [
+ "cat_id",
+ "ques_id"
+ ],
+ "fields": [
+ {
+ "name": "cat_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "ques_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "answer",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "cat_int_cat_id",
+ "local": "cat_id",
+ "schema": "sagacity",
+ "table": "ste_cat",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "cat_int_ques_id",
+ "local": "ques_id",
+ "schema": "sagacity",
+ "table": "interview_questions",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "cat_int_ques_id_idx",
+ "type": "index",
+ "ref": "ques_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "scans",
+ "primary_key": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "src_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "ste_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "pid",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "itr",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "file_name",
+ "dataType": "varchar(150)",
+ "type": 253,
+ "length": 150,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "file_date",
+ "dataType": "date",
+ "type": 14,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "start_time",
+ "dataType": "datetime",
+ "type": 12,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "last_update",
+ "dataType": "datetime",
+ "type": 12,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "status",
+ "dataType": "enum",
+ "type": 247,
+ "length": null,
+ "values": [
+ "IN QUEUE",
+ "RUNNING",
+ "COMPLETE",
+ "ERROR",
+ "TERMINATED"
+ ],
+ "ai": false,
+ "nn": true,
+ "default": "IN QUEUE"
+ },
+ {
+ "name": "perc_comp",
+ "dataType": "decimal(5,2)",
+ "type": 0,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "last_host",
+ "dataType": "varchar(64)",
+ "type": 253,
+ "length": 64,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "hosts_comp",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "host_count",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "notes",
+ "dataType": "text",
+ "type": 252,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "location",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "scan_src_id",
+ "local": "src_id",
+ "schema": "sagacity",
+ "table": "sources",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "scan_ste_id",
+ "local": "ste_id",
+ "schema": "sagacity",
+ "table": "ste",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "scan_src_id_idx",
+ "type": "index",
+ "ref": "src_id"
+ },
+ {
+ "id": "scan_ste_id_idx",
+ "type": "index",
+ "ref": "ste_id"
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "target",
+ "primary_key": [
+ "ste_id",
+ "name"
+ ],
+ "unique": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "cat_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "os_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "ste_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "auto_status_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "man_status_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "data_status_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "fp_cat1_status_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "name",
+ "dataType": "varchar(64)",
+ "type": 253,
+ "length": 64,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "location",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "source",
+ "dataType": "varchar(20)",
+ "type": 253,
+ "length": 20,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "cat_1",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "cat_2",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "cat_3",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "closed",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "not_applicable",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "not_reviewed",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": 0
+ },
+ {
+ "name": "compliance",
+ "dataType": "tinyint(3)",
+ "type": 1,
+ "length": 3,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "assessed",
+ "dataType": "tinyint(3)",
+ "type": 1,
+ "length": 3,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "notes",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "missing_patches",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "os_string",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "pp_flag",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "1"
+ },
+ {
+ "name": "pp_off",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "class",
+ "dataType": "enum",
+ "type": 247,
+ "length": null,
+ "values": [
+ "U",
+ "FOUO",
+ "S"
+ ],
+ "ai": false,
+ "nn": false,
+ "default": "U"
+ }
+ ],
+ "constraints": [
+ {
+ "id": "t_cat_id",
+ "local": "cat_id",
+ "schema": "sagacity",
+ "table": "ste_cat",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "t_os_id",
+ "local": "os_id",
+ "schema": "sagacity",
+ "table": "software",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "t_ste_id",
+ "local": "ste_id",
+ "schema": "sagacity",
+ "table": "ste",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "t_auto_id",
+ "local": "auto_status_id",
+ "schema": "sagacity",
+ "table": "task_status",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "t_man_id",
+ "local": "man_status_id",
+ "schema": "sagacity",
+ "table": "task_status",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "t_data_id",
+ "local": "data_status_id",
+ "schema": "sagacity",
+ "table": "task_status",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "t_fp_cat1_id",
+ "local": "fp_cat1_status_id",
+ "schema": "sagacity",
+ "table": "task_status",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ],
+ "index": [
+ {
+ "id": "t_id_idx",
+ "type": "index",
+ "ref": "id"
+ },
+ {
+ "id": "t_name_idx",
+ "type": "index",
+ "ref": "name"
+ },
+ {
+ "id": "t_cat_id_idx",
+ "type": "index",
+ "ref": "cat_id"
+ },
+ {
+ "id": "t_os_id_idx",
+ "type": "index",
+ "ref": "os_id"
+ },
+ {
+ "id": "t_ste_id_idx",
+ "type": "index",
+ "ref": "ste_id"
+ },
+ {
+ "id": "t_auto_id_idx",
+ "type": "index",
+ "ref": "auto_status_id"
+ },
+ {
+ "id": "t_man_id_idx",
+ "type": "index",
+ "ref": "man_status_id"
+ },
+ {
+ "id": "t_data_status_id_idx",
+ "type": "index",
+ "ref": "data_status_id"
+ },
+ {
+ "id": "t_fp_cat1_id_idx",
+ "type": "index",
+ "ref": "fp_cat1_status_id"
+ }
+ ],
+ "triggers": [
+ "DROP TRIGGER IF EXISTS `sagacity`.`target_BEFORE_INSERT`",
+ "CREATE DEFINER=`web`@`{host}` TRIGGER `sagacity`.`target_BEFORE_INSERT` BEFORE INSERT ON `target` FOR EACH ROW",
+ "BEGIN",
+ "SELECT MAX(`id`) INTO @newid",
+ "FROM `sagacity`.`target`;",
+ "SET NEW.`id` = COALESCE(@newid + 1, 1);",
+ "END"
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "target_net_meta",
+ "primary_key": [
+ "tgt_id"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "netstat_connections",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "shares",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "routes",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "firewall_config",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "tnm_tgt_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "target_user_meta",
+ "primary_key": [
+ "tgt_id"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "login",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "user_list",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "last_login",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "disabled_accts",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "stag_pwds",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "never_logged_in",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "pwd_never_expires",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "tum_tgt_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "target_sys_meta",
+ "primary_key": [
+ "tgt_id"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "mounted",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "process_list",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "autorun",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "services",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "last_boot",
+ "dataType": "datetime",
+ "type": 12,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "remote_registry",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "copyrighted",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "is_vm",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "system",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "bios",
+ "dataType": "mediumtext",
+ "type": 250,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "wmi_listening_pid",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ }
+ ],
+ "constraints": [
+ {
+ "id": "tsm_tgt_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "interfaces",
+ "primary_key": [
+ "id"
+ ],
+ "fields": [
+ {
+ "name": "id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": true,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "name",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "ipv4",
+ "dataType": "varchar(150)",
+ "type": 253,
+ "length": 150,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "ipv6",
+ "dataType": "varchar(400)",
+ "type": 253,
+ "length": 400,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "hostname",
+ "dataType": "varchar(45)",
+ "type": 253,
+ "length": 45,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "mac",
+ "dataType": "varchar(40)",
+ "type": 253,
+ "length": 40,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ },
+ {
+ "name": "fqdn",
+ "dataType": "varchar(100)",
+ "type": 253,
+ "length": 100,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "description",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "dns",
+ "dataType": "varchar(60)",
+ "type": 253,
+ "length": 60,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "int_tgt_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "target_checklist",
+ "primary_key": [
+ "tgt_id",
+ "chk_id"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "chk_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "class",
+ "dataType": "enum",
+ "type": 247,
+ "length": null,
+ "values": [
+ "U",
+ "FOUO",
+ "S",
+ "TS",
+ "SCI"
+ ],
+ "ai": false,
+ "nn": false,
+ "default": "U"
+ }
+ ],
+ "constraints": [
+ {
+ "id": "chk_tgt_chk_id",
+ "local": "chk_id",
+ "schema": "sagacity",
+ "table": "checklist",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "tgt_tgt_chk_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "target_software",
+ "primary_key": [
+ "tgt_id",
+ "sft_id"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "sft_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "sw_string",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "sft_tgt_sft_id",
+ "local": "sft_id",
+ "schema": "sagacity",
+ "table": "software",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "tgt_tgt_sft_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "host_list",
+ "primary_key": [
+ "scan_id",
+ "tgt_id"
+ ],
+ "fields": [
+ {
+ "name": "scan_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "finding_count",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "scanner_error",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ },
+ {
+ "name": "notes",
+ "dataType": "text",
+ "type": 252,
+ "length": "",
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": ""
+ }
+ ],
+ "constraints": [
+ {
+ "id": "host_scan_id",
+ "local": "scan_id",
+ "schema": "sagacity",
+ "table": "scans",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "host_tgt_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "pps_list",
+ "primary_key": [
+ "int_id",
+ "pps_id"
+ ],
+ "fields": [
+ {
+ "name": "int_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "pps_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "name",
+ "dataType": "varchar(255)",
+ "type": 253,
+ "length": 255,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "banner",
+ "dataType": "text",
+ "type": 252,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "notes",
+ "dataType": "text",
+ "type": 252,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "listening",
+ "dataType": "tinyint(1)",
+ "type": 1,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "0"
+ }
+ ],
+ "constraints": [
+ {
+ "id": "pps_int_id",
+ "local": "int_id",
+ "schema": "sagacity",
+ "table": "interfaces",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "pps_pps_id",
+ "local": "pps_id",
+ "schema": "sagacity",
+ "table": "ports_proto_services",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "findings",
+ "primary_key": [
+ "tgt_id", "pdi_id"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "pdi_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "scan_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "findings_status_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
+ {
+ "name": "cat",
+ "dataType": "int(1)",
+ "type": 3,
+ "length": 1,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "change_id",
+ "dataType": "tinyint(2)",
+ "type": 1,
+ "length": 2,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "orig_src",
+ "dataType": "varchar(10)",
+ "type": 253,
+ "length": 10,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ },
+ {
+ "name": "finding_itr",
+ "dataType": "int(5)",
+ "type": 3,
+ "length": 5,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": "1"
+ },
+ {
+ "name": "notes",
+ "dataType": "text",
+ "type": 252,
+ "length": null,
+ "values": [],
+ "ai": false,
+ "nn": false,
+ "default": null
+ }
+ ],
+ "constraints": [
+ {
+ "id": "find_pdi_id",
+ "local": "pdi_id",
+ "schema": "sagacity",
+ "table": "pdi_catalog",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "find_tgt_id",
+ "local": "tgt_id",
+ "schema": "sagacity",
+ "table": "target",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "find_scan_id",
+ "local": "scan_id",
+ "schema": "sagacity",
+ "table": "scans",
+ "field": "id",
+ "update": null,
+ "delete": null
+ },
+ {
+ "id": "find_status_id",
+ "local": "findings_status_id",
+ "schema": "sagacity",
+ "table": "findings_status",
+ "field": "id",
+ "update": null,
+ "delete": null
+ }
+ ]
+ },
+ {
+ "schema": "sagacity",
+ "name": "finding_controls",
+ "primary_key": [
+ "tgt_id",
+ "pdi_id",
+ "ia_control"
+ ],
+ "fields": [
+ {
+ "name": "tgt_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "ia_control", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "find_tgt_ctrl_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "findings", + "field": "tgt_id", + "update": null, + "delete": null + }, + { + "id": "find_pdi_ctrl_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "findings", + "field": "pdi_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "scan_notes", + "primary_key": [ + "tgt_id", + "pdi_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "note", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + } + ], + "constraints": [ + { + "id": "scan_find_tgt_notes_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "findings", + "field": "tgt_id", + "update": null, + "delete": null + }, + { + "id": "scan_find_pdi_notes_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "findings", + "field": "pdi_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "analyst_notes", + "primary_key": [ + "tgt_id", + "pdi_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": 
[], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "note", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + } + ], + "constraints": [ + { + "id": "analyst_find_tgt_notes_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "findings", + "field": "tgt_id", + "update": null, + "delete": null + }, + { + "id": "analyst_find_pdi_notes_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "findings", + "field": "pdi_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "search_filters", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "target", + "scan", + "finding", + "reference" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "criteria", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "cve_sw_lookup", + "primary_key": [ + "cve_id", + "sw_id" + ], + "fields": [ + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sw_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + } + ] } \ No newline at end of file diff --git a/exec/background_results.php b/exec/background_results.php index 292602c..92722dd 100644 --- a/exec/background_results.php +++ b/exec/background_results.php 
@@ -237,7 +237,7 @@ do { } while ($dbh->get_Running_Script_Count($conf['ste'])); -if (!$debug) { +if (!$debug && file_exists(DOC_ROOT . "/exec/parse_config.ini")) { unlink(DOC_ROOT . "/exec/parse_config.ini"); } diff --git a/exec/export-ckl.php b/exec/export-ckl.php index 01b1fac..17c31e0 100644 --- a/exec/export-ckl.php +++ b/exec/export-ckl.php @@ -190,10 +190,11 @@ if ($tgt_count = count($tgts)) { $total_stigs += $pdi_count = (is_array($pdis) ? count($pdis) : 0); $count = 0; + $findings = $db->get_Finding($tgt); + foreach ($pdis as $pdi) { - $find = $db->get_Finding($tgt, new stig($pdi['pdi_id'], $pdi['STIG_ID'], null)); - if (is_array($find) && count($find) && isset($find[0]) && is_a($find[0], 'finding')) { - $find = $find[0]; + if (isset($findings[$pdi['pdi_id']])) { + $find = $findings[$pdi['pdi_id']]; } $sev = 'low'; diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php index c9b3e03..ed4cc13 100644 --- a/exec/parse_excel_echecklist.php +++ b/exec/parse_excel_echecklist.php @@ -25,6 +25,7 @@ * - Aug 28, 2017 - Fixed couple minor bugs * - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up * - May 24, 2018 - Attempt to fix bug #413 + * - Nov 6, 2018 - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id */ $cmd = getopt("f:", ['debug::', 'help::']); set_time_limit(0); @@ -126,7 +127,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { continue; } -$scan->isTerminated(); + $scan->isTerminated(); $log->notice("Reading from {$wksht->getTitle()}"); @@ -155,6 +156,7 @@ $scan->isTerminated(); $short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']); $row_count = $highestRow = $wksht->getHighestDataRow() - 10; $highestCol = $wksht->getHighestDataColumn(10); + $tgt_findings = []; for ($col = 'F' ; $col != $highestCol ; $col++) { $cell = $wksht->getCell($col . '10'); 
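Review bot: In exec/export-ckl.php, `$find` is now assigned only when `isset($findings[$pdi['pdi_id']])` is true, so inside `foreach ($pdis as $pdi)` a PDI with no stored finding keeps the `$find` left over from the previous iteration. The exported checklist could then report another check's status and notes for that PDI. Assign it on every pass instead, `$find = isset($findings[$pdi['pdi_id']]) ? $findings[$pdi['pdi_id']] : null;`. The loop body continues outside the hunk, so confirm that the code after `$sev = 'low';` handles a null `$find`.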
@@ -219,7 +221,9 @@ $scan->isTerminated(); $scan->add_Target_to_Host_List($hl); } - if (preg_match('/Overall/i', $cell->getValue())) { + $tgt_findings[$tgt->get_ID()] = $db->get_Finding($tgt); + + if (preg_match('/overall/i', $cell->getValue())) { $log->debug("Found overall: {$cell->getColumn()}"); break; } @@ -294,34 +298,24 @@ $scan->isTerminated(); $status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex()) ->getValue(); - $log->debug("{$tgt->get_Name()} {$stig->get_ID()} ($status)"); - - $finding = $db->get_Finding($tgt, $stig); - - if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) { + $findings = $tgt_findings[$tgt->get_ID()]; + if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) { /** @var finding $tmp */ - $tmp = $finding[0]; - - if(preg_match("/Not a Finding|Not Applicable/i", $status)) { - $ds = $tmp->get_Deconflicted_Status($status); - $tmp->set_Finding_Status_By_String($ds); - } - else { - $tmp->set_Finding_Status_By_String($status); - } + $tmp = $findings[$stig->get_PDI_ID()]; + $tmp->set_Finding_Status_By_String($status); $tmp->set_Notes($notes); $tmp->set_Category($cat_lvl); $updated_findings[] = $tmp; } else { - $tmp = new finding(null, $tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); + $tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); $tmp->set_Category($cat_lvl); $new_findings[] = $tmp; } - + $log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})"); $x++; } @@ -347,10 +341,8 @@ $scan->isTerminated(); } } -/** - * @var host_list $h - */ -foreach($host_list as $h) { +/** @var host_list $h */ +foreach($scan->get_Host_List() as $h) { $db->update_Target_Counts($h->getTargetId()); } 
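Review bot: In the `isset($findings[$stig->get_PDI_ID()])` branch of the @@ -294,34 +298,24 @@ hunk, the worksheet status now replaces the stored status unconditionally because the `get_Deconflicted_Status()` step is removed. An import can therefore change an existing finding's status, for example from Open to Not a Finding, without leaving a trace. The changelog says this is intended, but the old value should be recorded before it is overwritten, for example `$log->notice("{$tgt->get_Name()} {$stig->get_ID()}: {$tmp->get_Finding_Status_String()} -> {$status}");` placed ahead of `$tmp->set_Finding_Status_By_String($status);`. `$status` also reaches the setter exactly as read from the cell; how unknown strings are handled is not visible in this hunk.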
diff --git a/exec/parse_host_data_collection.php b/exec/parse_host_data_collection.php index b71a7ae..ae3eb53 100644 --- a/exec/parse_host_data_collection.php +++ b/exec/parse_host_data_collection.php @@ -112,10 +112,8 @@ foreach ($files as $file) { $scan_id = 0; -foreach ($findings as $key => $find) { - if (false) { - $find = new finding(); - } +/** @var finding $find */ +foreach ($findings as $find) { $ret = array(); if ($find->get_Scan_ID()) { $scan_id = $find->get_Scan_ID(); diff --git a/exec/parse_mssql.php b/exec/parse_mssql.php index 83e8b3d..bdfac63 100644 --- a/exec/parse_mssql.php +++ b/exec/parse_mssql.php @@ -181,10 +181,8 @@ class mssql_parser extends scan_xml_parser { // check for finding $finding = $this->db->get_Finding($this->tgt, $this->stig); if (is_array($finding) && count($finding)) { + /** @var finding $finding */ $finding = $finding[0]; - if (false) { - $finding = new finding(); - } $finding->prepend_Notes("(MSSQL) " . $this->notes); if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) { @@ -199,7 +197,7 @@ class mssql_parser extends scan_xml_parser { $this->updated_findings[$finding->get_PDI_ID()] = $finding; } else { - $finding = new finding(null, $this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1); + $finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1); $this->new_findings[$this->stig->get_PDI_ID()] = $finding; } diff --git a/exec/parse_nessus.php b/exec/parse_nessus.php index 545ed4f..29aed04 100644 --- a/exec/parse_nessus.php +++ b/exec/parse_nessus.php 
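Review bot: In exec/parse_mssql.php, `$finding = $finding[0];` still assumes `get_Finding()` returns a zero-indexed list, while the callers changed elsewhere in this commit (export-ckl.php, parse_excel_echecklist.php) read the result by PDI id. `get_Finding()` is not visible here, but if the two-argument call is keyed the same way, index 0 is unset and `prepend_Notes()` is called on null. `$finding = reset($finding);` works with either key scheme. The added `/** @var finding $finding */` also sits above a line where `$finding` is still the array, so it would read better placed after the assignment.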
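Review bot: The rewritten constructor call in the @@ -199,7 +197,7 @@ hunk still contains `$this->scan->get - ID()`, which PHP parses as the property `$this->scan->get` minus the result of a function `ID()`, not as a method call. Unless the space and dash come from how the patch was rendered, this `else` branch fails the first time a new MSSQL finding is created. It should read `$this->scan->get_ID()` as in the other parsers touched by this commit.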
@@ -1142,7 +1142,7 @@ class nessus_parser extends scan_xml_parser } } else { - $tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1); + $tmp = new finding($this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1); if (!is_null($pdi)) { $tmp->set_Category($pdi->get_Category_Level()); } @@ -1178,7 +1178,7 @@ class nessus_parser extends scan_xml_parser $stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc); $this->db->add_Stig($stig); - $tmp = new finding(null, $this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1); + $tmp = new finding($this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1); $tmp->set_Category($this->plugin->result->cat); if (isset($this->new_findings[$tmp->get_PDI_ID()])) { @@ -1215,10 +1215,8 @@ class nessus_parser extends scan_xml_parser } if (is_a($finding, 'finding')) { + /** @var finding $finding */ $this->log->script_log("Updating finding"); - if (false) { - $finding = new finding(); - } if ($this->debug) { $this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG); } 
@@ -1265,7 +1263,7 @@ class nessus_parser extends scan_xml_parser } else { $this->log->script_log("Adding new finding"); - $tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1); + $tmp = new finding($this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1); $tmp->set_Category($this->plugin->result->cat); $this->new_findings[$tmp->get_PDI_ID()] = $tmp; diff --git a/exec/parse_nvd_json_cve.php b/exec/parse_nvd_json_cve.php index 4d8d06f..9eba7dd 100644 --- a/exec/parse_nvd_json_cve.php +++ b/exec/parse_nvd_json_cve.php @@ -49,7 +49,7 @@ $log = new Logger("nvd_cve"); $log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level)); $db = new db(); -$json = json_decode(file_get_contents($cmd['f'])); +$json = json_decode(file_get_contents($cmd['f']), true); $existing_cves = []; $db->help->select("cve_db", ['cve_id']); @@ -60,19 +60,21 @@ if (is_array($cves) && count($cves)) { } } -print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json->CVE_Items) . " items" . PHP_EOL; +print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json['CVE_Items']) . " items" . PHP_EOL; $db_cpes = []; +$db_cpes23 = []; $new_cves = []; $new_cve_refs = []; $sw_rows = []; $new = 0; $existing = 0; -$db->help->select("software", ['id', 'cpe']); +$db->help->select("software", ['id', 'cpe', 'cpe23']); $rows = $db->help->execute(); foreach ($rows as $row) { $db_cpes["{$row['cpe']}"] = $row['id']; + $db_cpes23["{$row['cpe23']}"] = $row['id']; } $cve_fields = [ 
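Review bot: In exec/parse_nvd_json_cve.php, the result of `json_decode(file_get_contents($cmd['f']), true)` is used without a check. An unreadable or malformed feed file leaves `$json` as `null`, and `count($json['CVE_Items'])` in the following hunk then runs on a missing key. A guard directly after the decode keeps a bad file from being processed as an empty feed: `if (!is_array($json) || !isset($json['CVE_Items'])) { die("Invalid NVD JSON file" . PHP_EOL); }`.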
@@ -82,24 +84,22 @@ $ref_fields = [ 'cve_seq', 'source', 'url', 'val' ]; -foreach ($json->CVE_Items as $cve) { - if (!isset($existing_cves["{$cve->cve->CVE_data_meta->ID}"])) { - $log->debug("Adding {$cve->cve->CVE_data_meta->ID}"); +foreach ($json['CVE_Items'] as $cve) { + if (!isset($existing_cves["{$cve['cve']['CVE_data_meta']['ID']}"])) { + $log->debug("Adding {$cve['cve']['CVE_data_meta']['ID']}"); $new++; $desc = []; $status = null; $phase = null; $cpes = []; - $name = $cve->cve->CVE_data_meta->ID; - $type = $cve->cve->data_type; - $seq = $cve->cve->CVE_data_meta->ID; - $pd = new DateTime($cve->publishedDate); - $lmd = new DateTime($cve->lastModifiedDate); + $name = $cve['cve']['CVE_data_meta']['ID']; + $seq = $cve['cve']['CVE_data_meta']['ID']; + $pd = new DateTime($cve['publishedDate']); - if (is_array($cve->cve->description->description_data) && count($cve->cve->description->description_data)) { - foreach ($cve->cve->description->description_data as $d) { - $desc[] = $d->value; + if (is_array($cve['cve']['description']['description_data']) && count($cve['cve']['description']['description_data'])) { + foreach ($cve['cve']['description']['description_data'] as $d) { + $desc[] = $d['value']; } } 
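Review bot: The array-style reads such as `is_array($cve['cve']['description']['description_data'])` index nested keys directly, so a feed item that lacks one of them raises an undefined-index notice before `is_array()` can return false. Put `isset()` in front, for example `if (isset($cve['cve']['description']['description_data']) && is_array($cve['cve']['description']['description_data']))`. The same applies to the `references` and `configurations` checks and to `$c['vulnerable'] && $c['cpe23Uri']` in the @@ -107,24 +107,21 @@ hunk, where `!empty($c['vulnerable']) && !empty($c['cpe23Uri'])` is enough. The `foreach ($json['CVE_Items'] as $cve)` body continues outside this hunk.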
@@ -107,24 +107,21 @@ foreach ($json->CVE_Items as $cve) { $name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc) ]; - if (is_array($cve->cve->references->reference_data) && count($cve->cve->references->reference_data)) { - foreach ($cve->cve->references->reference_data as $ref) { - $log->debug("Adding reference {$ref->url}"); + if (is_array($cve['cve']['references']['reference_data']) && count($cve['cve']['references']['reference_data'])) { + foreach ($cve['cve']['references']['reference_data'] as $ref) { + $log->debug("Adding reference {$ref['url']}"); $new_cve_refs[] = [ - $name, null, $ref->url, null + $name, null, $ref['url'], null ]; } } - if (is_array($cve->configurations->nodes) && count($cve->configurations->nodes)) { - foreach ($cve->configurations->nodes as $n) { - if (isset($n->cpe) && is_array($n->cpe) && count($n->cpe)) { - foreach ($n->cpe as $cpe) { - if (isset($cpe->cpe22Uri)) { - $cpes[] = $cpe->cpe22Uri; - } - elseif (isset($cpe->cpeMatchString)) { - $cpes[] = $cpe->cpeMatchString; + if(is_array($cve['configurations']['nodes']) && count($cve['configurations']['nodes'])) { + foreach($cve['configurations']['nodes'] as $n) { + if(isset($n['cpe_match']) && is_array($n['cpe_match']) && count($n['cpe_match'])) { + foreach($n['cpe_match'] as $c) { + if($c['vulnerable'] && $c['cpe23Uri']) { + $cpes[] = $c['cpe23Uri']; } } } @@ -135,6 +132,8 @@ foreach ($json->CVE_Items as $cve) { foreach ($cpes as $cpe) { if (isset($db_cpes["{$cpe}"])) { $sw_rows[] = [$name, $db_cpes["{$cpe}"]]; + } elseif (isset($db_cpes23["{$cpe}"])) { + $sw_rows[] = [$name, $db_cpes23["{$cpe}"]]; } } } @@ -185,7 +184,7 @@ if (count($sw_rows)) { $db->help->execute(); } -unlink($cmd['f']); +//unlink($cmd['f']); print PHP_EOL; diff --git a/exec/parse_scc_xccdf.php b/exec/parse_scc_xccdf.php index a2da39b..71569c9 100644 --- a/exec/parse_scc_xccdf.php +++ b/exec/parse_scc_xccdf.php 
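Review bot: The loop over `$cve['configurations']['nodes']` collects `cpe_match` entries from top-level nodes only. NVD configuration nodes can nest further nodes under a `children` key, each with its own `cpe_match` list, so CPEs that appear only there never reach `$cpes` and the CVE is never linked to the affected software in `$sw_rows`. Walking `children` as well would close that gap, for instance with a small helper that takes a node and returns the vulnerable `cpe23Uri` values from the node and its children. A comment on the loop should also state that only entries flagged `vulnerable` are kept.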
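Review bot: `//unlink($cmd['f']);` in the @@ -185,7 +184,7 @@ hunk disables the cleanup by commenting it out, so each parsed feed file now stays on disk and the dead line stays in the script. If keeping the file is intended, delete the line and say so in the changelog. If it was turned off for debugging, restore `unlink($cmd['f']);` before merging.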
@@ -104,8 +104,6 @@ class scc_parser extends scan_xml_parser var $found_rule = false; - var $log = null; - /** * Constructor * @@ -665,9 +663,7 @@ class scc_parser extends scan_xml_parser */ if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) { - /** - * @var finding $finding - */ + /** @var finding $finding */ $finding = $existing_findings[$pdi_id]; $finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status'])); @@ -679,7 +675,7 @@ class scc_parser extends scan_xml_parser $update_findings[$pdi_id] = $finding; } else { - $new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1); + $new_findings[$pdi_id] = new finding($this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1); } } @@ -689,11 +685,11 @@ class scc_parser extends scan_xml_parser $hl->setTargetId($this->tgt->get_ID()); $hl->setTargetName($this->tgt->get_Name()); $hl->setFindingCount(count($new_findings) + count($update_findings)); - $hl->setScanError(false); $this->db->update_Target_Counts($this->tgt->get_ID()); $this->scan->add_Target_to_Host_List($hl); + $this->db->update_Scan_Host_List($this->scan); } } diff --git a/inc/database.inc b/inc/database.inc index c9bb7d7..a7df1b1 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -66,7 +66,7 @@ * - Jan 10, 2018 - Added a couple functions and formatting * - Jan 15, 2018 - Fixed bug in get_Category_Findings * - Jan 16, 2018 - Added include for host_list.inc, updated to use host_list class, fixed bug in delete_Scan method - Moved scan deletion here + Moved scan deletion here * - Jan 20, 2018 - Fixed typo in save_STE method * - May 24, 2018 - Added defaulting where clause operator to '=' * - May 26, 2018 - Updated autocategorization to removed any extranious spaces before or after the string 
@@ -112,7 +112,7 @@ include_once 'nasl.inc'; include_once 'uuid.inc'; include_once 'host_list.inc'; -// @TODO - Make sure all save functions accept a class object or array of that class that is being saved. Otherwise, only primative types will be passed in. +// @TODO - Make sure all save functions accept a class object or array of that class that is being saved. Otherwise, only primative types will be passed in. /** * Constant to decide if the database queries will run automatically after creating them * @@ -121,49 +121,56 @@ include_once 'host_list.inc'; define('AUTORUN', false); /** - * Global to represent an IN statement (e.g. WHERE field IN (1,2)) + * Global to represent an IN statement (e.g. + * WHERE field IN (1,2)) * * @var int */ define('IN', 1); /** - * Global to represent a NOT IN statement (e.g. WHERE field NOT IN (1,2)) + * Global to represent a NOT IN statement (e.g. + * WHERE field NOT IN (1,2)) * * @var int */ define('NOT_IN', 64); /** - * Global to represent a BETWEEN statement (e.g. WHERE field BETWEEN 1 and 2) + * Global to represent a BETWEEN statement (e.g. + * WHERE field BETWEEN 1 and 2) * * @var int */ define('BETWEEN', 2); /** - * Global to represent a LIKE statement (e.g. WHERE field LIKE '%value%') + * Global to represent a LIKE statement (e.g. + * WHERE field LIKE '%value%') * * @var int */ define('LIKE', 4); /** - * Global to represent an IS NOT statement (e.g. WHERE field IS NOT NULL) + * Global to represent an IS NOT statement (e.g. + * WHERE field IS NOT NULL) * * @var int */ define('IS_NOT', 8); /** - * Global to represent an IS statement (e.g. WHERE field IS NULL) + * Global to represent an IS statement (e.g. + * WHERE field IS NULL) * * @var int */ define('IS', 16); /** - * Global to represent an NOT LIKE statement (e.g. WHERE field NOT LIKE '%value%' + * Global to represent an NOT LIKE statement (e.g. + * WHERE field NOT LIKE '%value%' * * @var int */ 
@@ -177,19 +184,31 @@ define('NOT_LIKE', 32); class db_helper { - const SELECT = 1; - const SELECT_COUNT = 2; - const CREATE_TABLE = 3; - const DROP = 4; - const DELETE = 5; - const INSERT = 6; - const REPLACE = 7; - const UPDATE = 8; - const EXTENDED_INSERT = 9; + const SELECT = 1; + + const SELECT_COUNT = 2; + + const CREATE_TABLE = 3; + + const DROP = 4; + + const DELETE = 5; + + const INSERT = 6; + + const REPLACE = 7; + + const UPDATE = 8; + + const EXTENDED_INSERT = 9; + const EXTENDED_REPLACE = 10; - const EXTENDED_UPDATE = 11; - const ALTER_TABLE = 12; - const TRUNCATE = 13; + + const EXTENDED_UPDATE = 11; + + const ALTER_TABLE = 12; + + const TRUNCATE = 13; /** * The mysqli connection @@ -222,16 +241,16 @@ class db_helper /** * Constructor * - * @param mysqli $dbh [by ref] - * mysqli object to perform queries. + * @param mysqli $dbh + * [by ref] + * mysqli object to perform queries. */ public function __construct(&$dbh) { - if (!is_null($dbh) && is_a($dbh, "mysqli")) { + if (! is_null($dbh) && is_a($dbh, "mysqli")) { $this->c = $dbh; - } - else { - throw(new Exception("Could not create database helper class", E_ERROR)); + } else { + throw (new Exception("Could not create database helper class", E_ERROR)); } $this->c->real_query("SET time_zone='+00:00'"); 
@@ -241,43 +260,45 @@ class db_helper /** * Function to execute the statement * - * @param mixed $return [optional] - * MYSQLI constant to control what is returned from the mysqli_result object - * @param string $sql [optional] - * Optional SQL query + * @param mixed $return + * [optional] + * MYSQLI constant to control what is returned from the mysqli_result object + * @param string $sql + * [optional] + * Optional SQL query * * @return mixed */ public function execute($return = MYSQLI_ASSOC, $sql = null) { - if (!is_null($sql)) { + if (! is_null($sql)) { $this->sql = $sql; } if (is_a($this->c, 'mysqli')) { - if (!$this->c->ping()) { + if (! $this->c->ping()) { $this->c = null; $this->c = new mysqli(DB_SERVER, 'web', db::decrypt_pwd(), 'sagacity'); } - } - else { - throw(new Exception('Database was not connected', E_ERROR)); + } else { + throw (new Exception('Database was not connected', E_ERROR)); } try { - if (in_array($this->query_type, [self::SELECT, self::SELECT_COUNT])) { + if (in_array($this->query_type, [ + self::SELECT, + self::SELECT_COUNT + ])) { $this->result = $this->c->query($this->sql); if ($this->c->error) { $this->debug(E_ERROR); } - } - elseif ($this->query_type == self::DELETE) { + } elseif ($this->query_type == self::DELETE) { $this->c->real_query($this->sql); if ($this->c->error) { return 0; } - } - else { + } else { $this->c->real_query($this->sql); if ($this->c->error) { $this->debug(E_ERROR, $this->c->error); @@ -285,8 +306,7 @@ class db_helper } $this->result = $this->check_results($return); - } - catch (Exception $e) { + } catch (Exception $e) { die($e->getTraceAsString()); } @@ -296,8 +316,9 @@ class db_helper /** * Function to check the results and return what is expected * - * @param mixed $return_type [optional] - * Optional return mysqli_result return type + * @param mixed $return_type + * [optional] + * Optional return mysqli_result return type * * @return mixed */ 
@@ -307,21 +328,19 @@ class db_helper if ($this->c->error) { $this->debug(E_ERROR); - } - elseif (LOG_LEVEL == E_DEBUG) { + } elseif (LOG_LEVEL == E_DEBUG) { $this->debug(E_DEBUG); } switch ($this->query_type) { case self::SELECT_COUNT: - if (!is_a($this->result, 'mysqli_result')) { + if (! is_a($this->result, 'mysqli_result')) { $this->debug(E_ERROR); } if ($this->result->num_rows == 1) { $res = $this->result->fetch_assoc()['count']; - } - elseif ($this->result->num_rows > 1) { + } elseif ($this->result->num_rows > 1) { $res = $this->result->num_rows; } @@ -329,14 +348,13 @@ class db_helper return $res; case self::SELECT: - if (!is_a($this->result, 'mysqli_result')) { + if (! is_a($this->result, 'mysqli_result')) { $this->debug(E_ERROR); } if ($this->result->num_rows == 1) { $res = $this->result->fetch_array($return_type); - } - elseif ($this->result->num_rows > 1) { + } elseif ($this->result->num_rows > 1) { $res = $this->fetch_all($return_type); } @@ -351,8 +369,7 @@ class db_helper if ($this->c->insert_id) { return $this->c->insert_id; - } - elseif ($this->c->affected_rows) { + } elseif ($this->c->affected_rows) { return $this->c->affected_rows; } @@ -366,15 +383,12 @@ class db_helper case self::ALTER_TABLE: if ($this->c->error && $this->c->errno == 1060) { return ($this->c->affected_rows ? $this->c->affected_rows : true); - } - elseif ($this->c->error) { + } elseif ($this->c->error) { $this->debug(E_ERROR); return false; - } - elseif ($this->c->affected_rows) { + } elseif ($this->c->affected_rows) { return $this->c->affected_rows; - } - else { + } else { return true; } @@ -389,8 +403,9 @@ class db_helper /** * Function to pass through calling the query function (used for backwards compatibility and for more complex queries that aren't currently supported) * - * @param string $sql [optional] - * Optional query to pass in and execute + * @param string $sql + * [optional] + * Optional query to pass in and execute * * @return mysqli_result */ 
@@ -398,8 +413,7 @@ class db_helper { if (is_null($sql)) { return $this->c->query($this->sql); - } - else { + } else { return $this->c->query($sql); } } @@ -408,13 +422,16 @@ class db_helper * A function to build a select query * * @param string $table_name - * The table to query - * @param array $fields [optional] - * Optional array of fields to return (defaults to '*') - * @param array $where [optional] - * Optional 2-dimensional array to build where clause from - * @param array $flags [optional] - * Optional 2-dimensional array to allow other flags + * The table to query + * @param array $fields + * [optional] + * Optional array of fields to return (defaults to '*') + * @param array $where + * [optional] + * Optional 2-dimensional array to build where clause from + * @param array $flags + * [optional] + * Optional 2-dimensional array to allow other flags * * @see db_helper::where() * @see db_helper::flags() @@ -423,13 +440,12 @@ class db_helper */ public function select($table_name, $fields = null, $where = null, $flags = null) { - $this->sql = null; + $this->sql = null; $this->query_type = self::SELECT; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "SELECT " . $this->fields($fields) . " FROM $table_name"; - } - else { + } else { return null; } @@ -437,11 +453,11 @@ class db_helper $this->sql .= " " . implode(" ", $flags['table_joins']); } - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } - if (!is_null($flags) && is_array($flags) && count($flags)) { + if (! is_null($flags) && is_array($flags) && count($flags)) { $this->sql .= $this->flags($flags); } 
@@ -456,11 +472,13 @@ class db_helper * Function to build a query to check the number of rows in a table * * @param string $table_name - * The table to query - * @param array $where [optional] - * Optional 2-dimensional array to build where clause - * @param array $flags [optional] - * Optional 2-dimensional array to add flags + * The table to query + * @param array $where + * [optional] + * Optional 2-dimensional array to build where clause + * @param array $flags + * [optional] + * Optional 2-dimensional array to add flags * * @see db_helper::where() * @see db_helper::flags() @@ -469,13 +487,12 @@ class db_helper */ public function select_count($table_name, $where = null, $flags = null) { - $this->sql = null; + $this->sql = null; $this->query_type = self::SELECT_COUNT; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "SELECT COUNT(1) AS 'count' FROM $table_name"; - } - else { + } else { return null; } @@ -483,11 +500,11 @@ class db_helper $this->sql .= " " . implode(" ", $flags['table_joins']); } - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } - if (!is_null($flags) && is_array($flags) && count($flags)) { + if (! is_null($flags) && is_array($flags) && count($flags)) { $this->sql .= $this->flags($flags); } 
@@ -502,25 +519,28 @@ class db_helper * Function to build an insert query statement * * @param string $table_name - * Table name to query + * Table name to query * @param array $params - * Name/value pair to insert into the table - * @param boolean $to_ignore [optional] - * Optional boolean to decide if the "IGNORE" will be added + * Name/value pair to insert into the table + * @param boolean $to_ignore + * [optional] + * Optional boolean to decide if the "IGNORE" will be added * * @return string|NULL */ public function insert($table_name, $params, $to_ignore = false) { - $this->sql = null; + $this->sql = null; $this->query_type = self::INSERT; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . - "(`" . implode("`,`", array_keys($params)) . "`)"; + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . "(`" . implode("`,`", array_keys($params)) . "`)"; } - $this->sql .= " VALUES (" . implode(",", array_map([$this, '_escape'], array_values($params))) . ")"; + $this->sql .= " VALUES (" . implode(",", array_map([ + $this, + '_escape' + ], array_values($params))) . ")"; if (AUTORUN) { return $this->execute(MYSQLI_BOTH); 
@@ -533,49 +553,51 @@ class db_helper * Function to create an extended insert query statement * * @param string $table_name - * The table name that the data is going to be inserted on + * The table name that the data is going to be inserted on * @param array $fields - * An array of field names that each value represents + * An array of field names that each value represents * @param array $params - * An array of array of values - * @param boolean $to_ignore [optional] - * Boolean to decide if we need to use the INSERT IGNORE INTO syntax + * An array of array of values + * @param boolean $to_ignore + * [optional] + * Boolean to decide if we need to use the INSERT IGNORE INTO syntax * - * @return NULL|string - * Returns the SQL if AUTORUN is set to false, else it returns the output from running. + * @return NULL|string Returns the SQL if AUTORUN is set to false, else it returns the output from running. */ public function extended_insert($table_name, $fields, $params, $to_ignore = false) { - $this->sql = null; + $this->sql = null; $this->query_type = self::EXTENDED_INSERT; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . - "(`" . implode("`,`", $fields) . "`)"; - } - else { - throw(new Exception("Missing table name in extended_insert", E_ERROR)); + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . "(`" . implode("`,`", $fields) . "`)"; + } else { + throw (new Exception("Missing table name in extended_insert", E_ERROR)); } if (is_array($params) && count($params)) { $this->sql .= " VALUES "; if (isset($params[0]) && is_array($params[0])) { foreach ($params as $p) { - $this->sql .= "(" . implode(",", array_map([$this, '_escape'], array_values($p))) . "),"; + $this->sql .= "(" . implode(",", array_map([ + $this, + '_escape' + ], array_values($p))) . 
"),"; } - } - else { + } else { if (count($params) != count($fields)) { - throw(new Exception("Inconsistent number of fields in fields and values")); + throw (new Exception("Inconsistent number of fields in fields and values")); } - $this->sql .= "(" . implode("),(", array_map([$this, '_escape'], array_values($params))) . "),"; + $this->sql .= "(" . implode("),(", array_map([ + $this, + '_escape' + ], array_values($params))) . "),"; } - } - else { + } else { throw new \InvalidArgumentException("Expected array parameters"); } - $this->sql = substr($this->sql, 0, -1); + $this->sql = substr($this->sql, 0, - 1); if (AUTORUN) { return $this->execute(MYSQLI_BOTH); @@ -588,13 +610,15 @@ class db_helper * Build a statement to update a table * * @param string $table_name - * The table name to update + * The table name to update * @param array $params - * Name/value pairs of the field name and value - * @param array $where [optional] - * Two-dimensional array to create where clause - * @param array $flags [optional] - * Two-dimensional array to create other flag options (table_joins, order, and group) + * Name/value pairs of the field name and value + * @param array $where + * [optional] + * Two-dimensional array to create where clause + * @param array $flags + * [optional] + * Two-dimensional array to create other flag options (table_joins, order, and group) * * @see db_helper::where() * @see db_helper::flags() @@ -603,10 +627,10 @@ class db_helper */ public function update($table_name, $params, $where = null, $flags = null) { - $this->sql = "UPDATE "; + $this->sql = "UPDATE "; $this->query_type = self::UPDATE; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql .= $table_name; if (isset($flags['table_joins'])) { 
@@ -618,28 +642,24 @@ class db_helper } foreach ($params as $f => $p) { - if ((strpos($f, "`") === false) && - (strpos($f, ".") === false) && - (strpos($f, "*") === false) && - (stripos($f, " as ") === false)) { + if ((strpos($f, "`") === false) && (strpos($f, ".") === false) && (strpos($f, "*") === false) && (stripos($f, " as ") === false)) { $f = "`{$f}`"; } - if (!is_null($p)) { + if (! is_null($p)) { $this->sql .= "$f={$this->_escape($p)},"; - } - else { + } else { $this->sql .= "$f=NULL,"; } } - $this->sql = substr($this->sql, 0, -1); + $this->sql = substr($this->sql, 0, - 1); - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } - if (!is_null($flags) && is_array($flags) && count($flags)) { + if (! is_null($flags) && is_array($flags) && count($flags)) { $this->sql .= $this->flags($flags); } 
@@ -654,23 +674,23 @@ class db_helper * Function to offer an extended updated functionality by using two different tables. * * @param string $to_be_updated - * The table that you want to update (alias 'tbu' is automatically added) + * The table that you want to update (alias 'tbu' is automatically added) * @param string $original - * The table with the data you want to overwrite to_be_updated table (alias 'o' is automatically added) + * The table with the data you want to overwrite to_be_updated table (alias 'o' is automatically added) * @param string $using - * The common index value between them that will join the fields + * The common index value between them that will join the fields * @param array|string $params - * If string only a single field is updated (tbu.$params = o.$params) - * If array each element in the array is a field to be updated (tbu.$param = o.$param) + * If string only a single field is updated (tbu.$params = o.$params) + * If array each element in the array is a field to be updated (tbu.$param = o.$param) * * @return mixed */ public function extended_update($to_be_updated, $original, $using, $params) { - $this->sql = "UPDATE "; + $this->sql = "UPDATE "; $this->query_type = self::EXTENDED_UPDATE; - if (!is_null($to_be_updated) && !is_null($original) && !is_null($using)) { + if (! is_null($to_be_updated) && ! is_null($original) && ! is_null($using)) { $this->sql .= "$to_be_updated tbu INNER JOIN $original o USING ($using) SET "; } @@ -678,13 +698,11 @@ class db_helper foreach ($params as $param) { $this->sql .= "tbu.$param = o.$param,"; } - $this->sql = substr($this->sql, 0, -1); - } - elseif (is_string($params)) { + $this->sql = substr($this->sql, 0, - 1); + } elseif (is_string($params)) { $this->sql .= "tbu.$params = o.$params"; - } - else { - throw(new Exception("Do not understand datatype of \$params", E_ERROR)); + } else { + throw (new Exception("Do not understand datatype of \$params", E_ERROR)); } if (AUTORUN) { 
@@ -698,23 +716,25 @@ class db_helper * Function to build a replace query * * @param string $table_name - * The table to update + * The table to update * @param array $params - * Name/value pair to insert + * Name/value pair to insert * * @return NULL|string */ public function replace($table_name, $params) { - $this->sql = null; + $this->sql = null; $this->query_type = self::REPLACE; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "REPLACE INTO $table_name " . - "(`" . implode("`,`", array_keys($params)) . "`)"; + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "REPLACE INTO $table_name " . "(`" . implode("`,`", array_keys($params)) . "`)"; } - $this->sql .= " VALUES (" . implode(",", array_map(array($this, '_escape'), array_values($params))) . ")"; + $this->sql .= " VALUES (" . implode(",", array_map(array( + $this, + '_escape' + ), array_values($params))) . ")"; if (AUTORUN) { return $this->execute(MYSQLI_BOTH); 
@@ -727,35 +747,36 @@ class db_helper * Function to build an extended replace statement * * @param string $table_name - * Table name to update + * Table name to update * @param array $fields - * Array of fields + * Array of fields * @param array $params - * Two-dimensional array of values + * Two-dimensional array of values * * @return NULL|string */ public function extended_replace($table_name, $fields, $params) { - $this->sql = null; + $this->sql = null; $this->query_type = self::EXTENDED_REPLACE; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "REPLACE INTO $table_name " . - "(`" . implode("`,`", $fields) . "`)"; - } - else { + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "REPLACE INTO $table_name " . "(`" . implode("`,`", $fields) . "`)"; + } else { return null; } if (is_array($params) && count($params)) { $this->sql .= " VALUES "; foreach ($params as $p) { - $this->sql .= "(" . implode(",", array_map(array($this, '_escape'), array_values($p))) . "),"; + $this->sql .= "(" . implode(",", array_map(array( + $this, + '_escape' + ), array_values($p))) . "),"; } } - $this->sql = substr($this->sql, 0, -1); + $this->sql = substr($this->sql, 0, - 1); if (AUTORUN) { return $this->execute(MYSQLI_BOTH); 
@@ -768,13 +789,16 @@ class db_helper * Function to build a delete statement * * @param string $table_name - * Table name to act on - * @param array $fields [optional] - * Optional list of fields to delete (used when including multiple tables) - * @param array $where [optional] - * Optional 2-dimensional array to build where clause from - * @param array $table_joins [optional] - * Optional 2-dimensional array to add other flags + * Table name to act on + * @param array $fields + * [optional] + * Optional list of fields to delete (used when including multiple tables) + * @param array $where + * [optional] + * Optional 2-dimensional array to build where clause from + * @param array $table_joins + * [optional] + * Optional 2-dimensional array to add other flags * * @see db_helper::where() * @see db_helper::flags() @@ -783,25 +807,24 @@ class db_helper */ public function delete($table_name, $fields = null, $where = null, $table_joins = null) { - $this->sql = "DELETE"; + $this->sql = "DELETE"; $this->query_type = self::DELETE; - if (!is_null($fields) && is_array($fields)) { + if (! is_null($fields) && is_array($fields)) { $this->sql .= " " . implode(",", $fields); } - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql .= " FROM $table_name"; - } - else { - throw(new Exception("Failed to create delete query, no table name")); + } else { + throw (new Exception("Failed to create delete query, no table name")); } - if (!is_null($table_joins) && is_array($table_joins) && count($table_joins)) { + if (! is_null($table_joins) && is_array($table_joins) && count($table_joins)) { $this->sql .= " " . implode(" ", $table_joins); } - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } 
@@ -816,20 +839,21 @@ class db_helper * Function to build a drop table statement (automatically executes) * * @param string $schema - * Schema the table resides in + * Schema the table resides in * @param string $table_name - * Table to drop - * @param boolean $is_tmp [optional] - * Optional boolean if this is a temporary table + * Table to drop + * @param boolean $is_tmp + * [optional] + * Optional boolean if this is a temporary table * * @return string|NULL */ public function drop($schema, $table_name, $is_tmp = false) { - $this->sql = null; + $this->sql = null; $this->query_type = self::DROP; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "DROP " . ($is_tmp ? "TEMPORARY " : "") . "TABLE IF EXISTS `$schema`.`$table_name`"; } @@ -840,16 +864,16 @@ class db_helper * Function to build a truncate table statement (automatically executes) * * @param string $table_name - * Table to truncate + * Table to truncate * * @return string|NULL */ public function truncate($table_name) { - $this->sql = null; + $this->sql = null; $this->query_type = self::TRUNCATE; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "TRUNCATE TABLE $table_name"; } 
@@ -860,13 +884,15 @@ class db_helper * Function to build a create temporary table statement * * @param string $table_name - * Name to give the table when creating - * @param boolean $is_tmp [optional] - * Optional boolean to make the table a temporary table - * @param mixed $select [optional] - * Optional parameter if null uses last built statement - * If string, will be made the SQL statement executed to create the table - * If array, 2-dimensional array with "field", "datatype" values to build table fields + * Name to give the table when creating + * @param boolean $is_tmp + * [optional] + * Optional boolean to make the table a temporary table + * @param mixed $select + * [optional] + * Optional parameter if null uses last built statement + * If string, will be made the SQL statement executed to create the table + * If array, 2-dimensional array with "field", "datatype" values to build table fields * * @return NULL|string */ 
@@ -874,20 +900,17 @@ class db_helper { $this->query_type = self::CREATE_TABLE; - if (is_null($select) && !is_null($this->sql) && substr($this->sql, 0, 6) == 'SELECT') { + if (is_null($select) && ! is_null($this->sql) && substr($this->sql, 0, 6) == 'SELECT') { $this->sql = "CREATE " . ($is_tmp ? "TEMPORARY" : "") . " TABLE IF NOT EXISTS $table_name AS ($this->sql)"; } - if (!is_null($table_name) && is_string($table_name) && is_string($select)) { + if (! is_null($table_name) && is_string($table_name) && is_string($select)) { $this->sql = "CREATE " . ($is_tmp ? "TEMPORARY" : "") . " TABLE IF NOT EXISTS $table_name AS ($select)"; - } - elseif (!is_null($table_name) && is_string($table_name) && is_array($select)) { + } elseif (! is_null($table_name) && is_string($table_name) && is_array($select)) { $this->sql = "CREATE " . ($is_tmp ? "TEMPORARY" : "") . " TABLE IF NOT EXISTS $table_name ("; foreach ($select as $field) { - $this->sql .= "{$field['field']} {$field['datatype']}" . - (isset($field['default']) ? " {$field['default']}" : '') . - (isset($field['option']) ? " {$field['option']}" : '') . ","; + $this->sql .= "{$field['field']} {$field['datatype']}" . (isset($field['default']) ? " {$field['default']}" : '') . (isset($field['option']) ? " {$field['option']}" : '') . ","; } - $this->sql = substr($this->sql, 0, -1) . ")"; + $this->sql = substr($this->sql, 0, - 1) . ")"; } if (AUTORUN) { @@ -921,12 +944,10 @@ class db_helper if ($field->nn) { $this->sql .= " NOT NULL"; - } - else { + } else { if ($field->default === null) { $this->sql .= " DEFAULT NULL"; - } - elseif (strlen($field->default)) { + } elseif (strlen($field->default)) { $this->sql .= " DEFAULT '{$field->default}'"; } } 
@@ -944,11 +965,7 @@ class db_helper if (isset($json->constraints) && is_array($json->constraints) && count($json->constraints)) { foreach ($json->constraints as $con) { - $this->sql .= ", CONSTRAINT `{$con->id}` " . - "FOREIGN KEY (`{$con->local}`) " . - "REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " . - "ON DELETE " . (is_null($con->delete) ? "NO ACTION" : strtoupper($con->delete)) . " " . - "ON UPDATE " . (is_null($con->update) ? "NO ACTION" : strtoupper($con->update)); + $this->sql .= ", CONSTRAINT `{$con->id}` " . "FOREIGN KEY (`{$con->local}`) " . "REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " . "ON DELETE " . (is_null($con->delete) ? "NO ACTION" : strtoupper($con->delete)) . " " . "ON UPDATE " . (is_null($con->update) ? "NO ACTION" : strtoupper($con->update)); } } @@ -958,9 +975,8 @@ class db_helper if (isset($json->primary_key) && is_array($json->primary_key) && count($json->primary_key)) { $this->sql .= ", PRIMARY KEY(`" . implode("`,`", $json->primary_key) . "`))"; - } - else { - $this->sql = substr($this->sql, 0, -1) . ")"; + } else { + $this->sql = substr($this->sql, 0, - 1) . ")"; } $this->execute(); 
@@ -970,40 +986,35 @@ class db_helper * Function to alter a existing table * * @param string $table_name - * Table to alter + * Table to alter * @param string $action - * What action should be taken ('add-column', 'drop-column', 'modify-column') - * @param array $params [optional] - * Optional 2-dimensional array of parameters to act on. $action will dictate what parameters need to be present + * What action should be taken ('add-column', 'drop-column', 'modify-column') + * @param array $params + * [optional] + * Optional 2-dimensional array of parameters to act on. $action will dictate what parameters need to be present * * @return mixed */ public function alter_table($table_name, $action, $params) { $this->query_type = self::ALTER_TABLE; - $this->sql = "ALTER TABLE $table_name "; + $this->sql = "ALTER TABLE $table_name "; if ($action == 'add-column') { - $nn = ($params->nn ? " NOT NULL" : ""); + $nn = ($params->nn ? " NOT NULL" : ""); $default = null; if ($params->default === null) { $default = " DEFAULT NULL"; - } - elseif (strlen($params->default)) { + } elseif (strlen($params->default)) { $default = " DEFAULT '{$params->default}'"; } - $this->sql .= "ADD COLUMN {$params->name} {$params->dataType}" . - $nn . $default; - } - elseif ($action == 'drop-column') { + $this->sql .= "ADD COLUMN {$params->name} {$params->dataType}" . $nn . $default; + } elseif ($action == 'drop-column') { $this->sql .= "DROP COLUMN "; foreach ($params as $col) { $this->sql .= "{$col['name']},"; } - $this->sql = substr($this->sql, 0, -1); - } - elseif ($action == 'modify-column') { - - } + $this->sql = substr($this->sql, 0, - 1); + } elseif ($action == 'modify-column') {} $this->debug(E_DEBUG); 
@@ -1014,14 +1025,13 @@ class db_helper * Check to see if a field in a table exists * * @param string $schema - * Schema that contains tables + * Schema that contains tables * @param string $table_name - * Table to check + * Table to check * @param string $field_name - * Field name to find + * Field name to find * - * @return boolean - * Returns TRUE if field is found in that schema and table, otherwise FALSE + * @return boolean Returns TRUE if field is found in that schema and table, otherwise FALSE */ public function field_exists($schema, $table_name, $field_name) { @@ -1042,11 +1052,12 @@ class db_helper * Function to get the column data (datatype, flags, defaults, etc) * * @param string $schema - * Schema to search for table in + * Schema to search for table in * @param string $table_name - * Table to query - * @param mixed $field [optional] - * Optional field to retrieve data (if null, returns data from all fields) + * Table to query + * @param mixed $field + * [optional] + * Optional field to retrieve data (if null, returns data from all fields) * * @return array */ @@ -1056,14 +1067,11 @@ class db_helper if (is_null($field)) { $res = $this->c->query("SELECT * FROM $table_name LIMIT 1"); - } - elseif (is_array($field)) { + } elseif (is_array($field)) { $res = $this->c->query("SELECT `" . implode("`,`", $field) . "` FROM $table_name LIMIT 1"); - } - elseif (is_string($field)) { + } elseif (is_string($field)) { $res = $this->c->query("SELECT $field FROM $table_name LIMIT 1"); - } - else { + } else { return null; } 
@@ -1092,44 +1100,36 @@ class db_helper public function field_check($field_data, $check, $pks, $index) { $default = null; - $ret = null; + $ret = null; $nn = ($check->nn ? " NOT NULL" : null); if ($check->default === null) { $default = " DEFAULT NULL"; - } - elseif (strlen($check->default)) { + } elseif (strlen($check->default)) { $default = " DEFAULT '{$check->default}'"; } if ($field_data->type != $check->type && $check->type != MYSQLI_TYPE_ENUM) { $this->debug("{$field_data->name} wrong datatype, changing to {$check->dataType}"); - $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . - "{$nn}{$default}"; - } - elseif (!is_null($check->length) && $field_data->length != $check->length) { + $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . "{$nn}{$default}"; + } elseif (! is_null($check->length) && $field_data->length != $check->length) { $this->debug("{$field_data->name} incorrect size ({$field_data->length} != {$check->length})"); - $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . - "{$nn}{$default}"; - } - elseif ($check->type == MYSQLI_TYPE_ENUM && !($field_data->flags & MYSQLI_ENUM_FLAG)) { - $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}('" . implode("','", $check->values) . "')" . - "{$nn}{$default}"; + $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . "{$nn}{$default}"; + } elseif ($check->type == MYSQLI_TYPE_ENUM && ! ($field_data->flags & MYSQLI_ENUM_FLAG)) { + $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}('" . implode("','", $check->values) . "')" . "{$nn}{$default}"; } - if (!is_null($index) && is_array($index) && count($index)) { + if (! is_null($index) && is_array($index) && count($index)) { foreach ($index as $ind) { - if ($check->name == $ind->ref && !($field_data->flags & MYSQLI_MULTIPLE_KEY_FLAG)) { + if ($check->name == $ind->ref && ! 
($field_data->flags & MYSQLI_MULTIPLE_KEY_FLAG)) { $this->debug("{$field_data->name} is not an index"); - $ret .= ($ret ? "," : "") . - " ADD INDEX `{$ind->id}` (`{$ind->ref}` ASC)"; + $ret .= ($ret ? "," : "") . " ADD INDEX `{$ind->id}` (`{$ind->ref}` ASC)"; } } } - if (in_array($check->name, $pks) && !($field_data->flags & MYSQLI_PRI_KEY_FLAG)) { - $ret .= ($ret ? "," : "") . - " DROP PRIMARY KEY, ADD PRIMARY KEY(`" . implode("`,`", $pks) . "`)"; + if (in_array($check->name, $pks) && ! ($field_data->flags & MYSQLI_PRI_KEY_FLAG)) { + $ret .= ($ret ? "," : "") . " DROP PRIMARY KEY, ADD PRIMARY KEY(`" . implode("`,`", $pks) . "`)"; } return $ret; @@ -1139,12 +1139,11 @@ class db_helper * Function to check for the existence of a table within a schema * * @param string $schema - * Schema to search for table + * Schema to search for table * @param string $table_name - * Table to search for + * Table to search for * - * @return boolean - * Returns TRUE if table is found in that schema, otherwise FALSE + * @return boolean Returns TRUE if table is found in that schema, otherwise FALSE */ public function table_exists($schema, $table_name) { 
@@ -1174,42 +1173,34 @@ class db_helper * Function to escape SQL characters to prevent SQL injection * * @param mixed $val - * Value to escape + * Value to escape * - * @return string - * Escaped value + * @return string Escaped value */ public function _escape($val) { if (is_null($val)) { return 'NULL'; - } - elseif (is_numeric($val) || is_string($val)) { + } elseif (is_numeric($val) || is_string($val)) { if ($this->isJson($val)) { return "'{$this->c->real_escape_string($val)}'"; - } - elseif (strtolower($val) == 'now()') { + } elseif (strtolower($val) == 'now()') { return $val; - } - elseif (preg_match("/\.`\w+`/", $val)) { + } elseif (preg_match("/\.`\w+`/", $val)) { return $val; } return "'{$this->c->real_escape_string($val)}'"; - } - elseif (is_a($val, 'DateTime')) { + } elseif (is_a($val, 'DateTime')) { return "'{$val->format(MYSQL_DT_FORMAT)}'"; - } - elseif (is_bool($val)) { + } elseif (is_bool($val)) { return $val ? "'1'" : "'0'"; - } - elseif (gettype($val) == 'object') { + } elseif (gettype($val) == 'object') { $this->debug(E_ERROR, "Unknown object to escape " . get_class($val) . " in SQL string {$this->sql}"); - } - else { + } else { $this->debug(E_ERROR, "Unknown datatype to escape in SQL string {$this->sql} " . gettype($val)); } - throw(new Exception("Unknown datatype to escape in SQL string {$this->sql} " . gettype($val), E_ERROR)); + throw (new Exception("Unknown datatype to escape in SQL string {$this->sql} " . gettype($val), E_ERROR)); } /** @@ -1222,10 +1213,9 @@ class db_helper public function fetch_all($resulttype = MYSQLI_ASSOC) { $res = []; - if (method_exists('mysqli_result', 'fetch_all')) { # Compatibility layer with PHP < 5.3 + if (method_exists('mysqli_result', 'fetch_all')) { // Compatibility layer with PHP < 5.3 $res = $this->result->fetch_all($resulttype); - } - else { + } else { while ($tmp = $this->result->fetch_array($resulttype)) { $res[] = $tmp; } 
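Review bot: `_escape` returns the value unquoted and unescaped whenever ``preg_match("/\.`\w+`/", $val)`` matches, and because that pattern is unanchored, any string that merely contains a dot followed by a backtick-quoted word skips `real_escape_string` and reaches the statement verbatim. If the branch is meant to let qualified column references through (an assumption; the intent is not documented here), anchor it to the whole value, for example ``preg_match('/^`?\w+`?\.`\w+`$/', $val)``. It would be safer still to have callers mark column references explicitly rather than inferring them from the data. The docblock could also state that the literal text `now()` is passed through as SQL and therefore cannot be stored as data.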
@@ -1266,17 +1256,12 @@ class db_helper $errmsg = $this->sql; } - file_put_contents(realpath(LOG_PATH . '/db.log'), "{$dt->format(DATE_ISO8601)}\t" . - "$err_lvl\t" . - "Executing: $this->query_type\t" . - "SQL: {$errmsg}" . PHP_EOL, FILE_APPEND); + file_put_contents(realpath(LOG_PATH . '/db.log'), "{$dt->format(DATE_ISO8601)}\t" . "$err_lvl\t" . "Executing: $this->query_type\t" . "SQL: {$errmsg}" . PHP_EOL, FILE_APPEND); if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG && is_a($this->result, 'mysqli_result')) { file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND); - } - elseif ($errno == E_ERROR && $this->c->error) { - file_put_contents(realpath(LOG_PATH . '/db.err'), "{$dt->format(DATE_ISO8601)}\t" . - "{$this->c->error}" . PHP_EOL, FILE_APPEND); + } elseif ($errno == E_ERROR && $this->c->error) { + file_put_contents(realpath(LOG_PATH . '/db.err'), "{$dt->format(DATE_ISO8601)}\t" . "{$this->c->error}" . PHP_EOL, FILE_APPEND); error_log($this->c->error); die($this->c->error); } @@ -1285,8 +1270,9 @@ class db_helper /** * Function to populate the fields for the SQL * - * @param array $fields [optional] - * Optional array of fields to string together to create a field list + * @param array $fields + * [optional] + * Optional array of fields to string together to create a field list * * @return string */ 
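Review bot: On `E_ERROR` the logger ends with `die($this->c->error)`, which sends the raw MySQL error text to whoever made the request; that text can disclose table names, column names and parts of the failing statement. The message is already written to `db.err` and `error_log`, so the response can be generic, e.g. `die("A database error occurred");`. Also, `realpath(LOG_PATH . '/db.log')` returns `false` when the file does not exist yet, so the first write into a fresh log directory is lost; passing `LOG_PATH . '/db.log'` directly lets `FILE_APPEND` create the file (the same applies to `db.debug` and `db.err`). The method starts outside this hunk.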
@@ -1296,19 +1282,14 @@ class db_helper if (is_array($fields) && count($fields)) { foreach ($fields as $field) { - if ((strpos($field, '`') === false) && - (strpos($field, '.') === false) && - (strpos($field, '*') === false) && - (stripos($field, ' as ') === false)) { + if ((strpos($field, '`') === false) && (strpos($field, '.') === false) && (strpos($field, '*') === false) && (stripos($field, ' as ') === false)) { $str_fields .= "`$field`,"; - } - else { + } else { $str_fields .= "$field,"; } } - $str_fields = substr($str_fields, 0, -1); - } - elseif (is_null($fields)) { + $str_fields = substr($str_fields, 0, - 1); + } elseif (is_null($fields)) { $str_fields = "*"; } @@ -1319,27 +1300,27 @@ class db_helper * Function to create the where statement for the SQL * * @param array $where - * Two-dimensional array to use to build the where clause + * Two-dimensional array to use to build the where clause * - * - * array(
- *   array(
- *     'field' => 'field_name',
- *     'op' => '=', // (common operations or IN, BETWEEN, LIKE, NOT_LIKE, IS, & IS_NOT constants)
- *     'value' => 'field_value',
- *     'sql_op' => 'AND', // NOT required for first element (common SQL operators AND, OR, NOR)
- *     'open-paren' => true, // optional to add a paren '(' BEFORE clause
- *     'close-paren' => true, // optional to add a paren ')' AFTER clause
- *     'low' => '1', // LOW value only used in BETWEEN clause
- *     'high' => '100', // HIGH value only used in BETWEEN clause
- *     'case_insensitive' => true // optional boolean to set the parameters to LOWER to do case insenstive comparison - *   ),
- *   array(
- *     ...
- *   ),
- *   ...
- * ) - *
+ * + * array(
+ *   array(
+ *     'field' => 'field_name',
+ *     'op' => '=', // (common operations or IN, BETWEEN, LIKE, NOT_LIKE, IS, & IS_NOT constants)
+ *     'value' => 'field_value',
+ *     'sql_op' => 'AND', // NOT required for first element (common SQL operators AND, OR, NOR)
+ *     'open-paren' => true, // optional to add a paren '(' BEFORE clause
+ *     'close-paren' => true, // optional to add a paren ')' AFTER clause
+ *     'low' => '1', // LOW value only used in BETWEEN clause
+ *     'high' => '100', // HIGH value only used in BETWEEN clause
+ *     'case_insensitive' => true // optional boolean to set the parameters to LOWER to do case insenstive comparison + *   ),
+ *   array(
+ *     ...
+ *   ),
+ *   ...
+ * ) + *
* * @return string */ @@ -1348,11 +1329,10 @@ class db_helper $ret = " WHERE"; foreach ($where as $x => $w) { - if (!isset($w['field']) && isset($w['close-paren']) && $w['close-paren']) { + if (! isset($w['field']) && isset($w['close-paren']) && $w['close-paren']) { $ret .= ")"; continue; - } - elseif (!isset($w['field']) || ($x > 0 && !isset($w['sql_op']))) { + } elseif (! isset($w['field']) || ($x > 0 && ! isset($w['sql_op']))) { continue; } 
@@ -1364,51 +1344,47 @@ class db_helper $ret .= " ("; } - if ((strpos($w['field'], '`') === false) && - (strpos($w['field'], '.') === false) && - (strpos($w['field'], '*') === false) && - (stripos($w['field'], ' as ') === false)) { + if ((strpos($w['field'], '`') === false) && (strpos($w['field'], '.') === false) && (strpos($w['field'], '*') === false) && (stripos($w['field'], ' as ') === false)) { $field = "`{$w['field']}`"; - } - else { + } else { $field = $w['field']; } $not = null; - if (isset($w['op']) && in_array($w['op'], array(IS_NOT, NOT_LIKE, NOT_IN))) { + if (isset($w['op']) && in_array($w['op'], array( + IS_NOT, + NOT_LIKE, + NOT_IN + ))) { $not = ' NOT'; } if (isset($w['op']) && ($w['op'] == LIKE || $w['op'] == NOT_LIKE)) { $ret .= " {$field}{$not} LIKE {$w['value']}"; - } - elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_string($w['value'])) { + } elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_string($w['value'])) { $ret .= " {$field}{$not} IN " . (strpos($w['value'], '(') !== false ? $w['value'] : "({$w['value']})"); - } - elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_array($w['value'])) { - $ret .= " {$field}{$not} IN (" . implode(",", array_map(array($this, '_escape'), $w['value'])) . ")"; - } - elseif (isset($w['op']) && $w['op'] == BETWEEN) { - if (!isset($w['low']) && !isset($w['high'])) { + } elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_array($w['value'])) { + $ret .= " {$field}{$not} IN (" . implode(",", array_map(array( + $this, + '_escape' + ), $w['value'])) . ")"; + } elseif (isset($w['op']) && $w['op'] == BETWEEN) { + if (! isset($w['low']) && ! 
isset($w['high'])) { continue; } $ret .= " {$field} BETWEEN {$this->_escape($w['low'])} AND {$this->_escape($w['high'])}"; - } - elseif (isset($w['op']) && ($w['op'] == IS || $w['op'] == IS_NOT)) { + } elseif (isset($w['op']) && ($w['op'] == IS || $w['op'] == IS_NOT)) { $ret .= " {$field} IS{$not} {$this->_escape($w['value'])}"; - } - else { + } else { $op = "="; if (isset($w['op'])) { $op = $w['op']; } if (isset($w['case_insensitive']) && $w['case_insensitive']) { $ret .= " LOWER({$field}) {$op} LOWER({$this->_escape($w['value'])})"; - } - elseif (preg_match("/\(SELECT/", $w['value'])) { + } elseif (preg_match("/\(SELECT/", $w['value'])) { $ret .= " {$field} {$op} {$w['value']}"; - } - else { + } else { $ret .= " {$field} {$op} {$this->_escape($w['value'])}"; } } @@ -1427,20 +1403,20 @@ class db_helper * Function to parse the flags * * @param array $flags - * Two-dimensional array to added flags + * Two-dimensional array to added flags * - * - * array( - *   'table_joins' => array( - *     "JOIN table2 t2 ON t2.id=t1.id" - *   ), - *   'group' => 'field', - *   'having' => 'field', - *   'order' => 'field', - *   'start' => 0, - *   'limit' => 0 - * ) - * + * + * array( + *   'table_joins' => array( + *     "JOIN table2 t2 ON t2.id=t1.id" + *   ), + *   'group' => 'field', + *   'having' => 'field', + *   'order' => 'field', + *   'start' => 0, + *   'limit' => 0 + * ) + * * * @see db_helper::groups() * @see db_helper::having() @@ -1491,8 +1467,7 @@ class db_helper foreach ($groups as $grp) { $ret .= " $grp"; } - } - elseif (is_string($groups)) { + } elseif (is_string($groups)) { $ret .= " GROUP BY {$groups}"; } 
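Review bot: Three branches of `where()` in this hunk place `$w['value']` into the clause without `_escape`: the `LIKE`/`NOT_LIKE` branch, the `IN` branch for string values, and the fallback branch taken when the value matches `/\(SELECT/`. The last is the most fragile, because the decision to trust the text as SQL is made from the data itself rather than from anything the caller declared. For `LIKE` the pattern can go through the same path as other values, `$ret .= " {$field}{$not} LIKE {$this->_escape($w['value'])}";`, though callers that currently pre-quote the pattern would need to drop their own quotes. The subquery and raw-`IN` cases would be better selected by an explicit caller-set option than by inspecting the value; no such option exists in the visible code, so that is a design suggestion. The function begins and ends outside this hunk.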
@@ -1503,15 +1478,14 @@ class db_helper * Function to parse SQL HAVING statements * * @param mixed $having - * - * return string + * return string */ private function having($having) { $ret = " HAVING"; - $x = 0; + $x = 0; foreach ($having as $h) { - if (!isset($h['field']) || ($x > 0 && !isset($h['sql_op']))) { + if (! isset($h['field']) || ($x > 0 && ! isset($h['sql_op']))) { continue; } @@ -1521,27 +1495,21 @@ class db_helper if ($h['op'] == LIKE) { $ret .= " {$h['field']} LIKE {$h['value']}"; - } - elseif ($h['op'] == IN && is_string($h['value'])) { + } elseif ($h['op'] == IN && is_string($h['value'])) { $ret .= " {$h['field']} IN {$h['value']}"; - } - elseif ($h['op'] == IN && is_array($h['value'])) { + } elseif ($h['op'] == IN && is_array($h['value'])) { $ret .= " {$h['field']} IN ('" . implode("', '", $h['value']) . "')"; - } - elseif ($h['op'] == BETWEEN) { + } elseif ($h['op'] == BETWEEN) { $ret .= " {$h['field']} BETWEEN {$this->_escape($h['low'])} AND {$this->_escape($h['high'])}"; - } - elseif ($h['op'] == IS) { + } elseif ($h['op'] == IS) { $ret .= " {$h['field']} IS {$this->_escape($h['value'])}"; - } - elseif ($h['op'] == IS_NOT) { + } elseif ($h['op'] == IS_NOT) { $ret .= " {$h['field']} IS NOT {$this->_escape($h['value'])}"; - } - else { + } else { $ret .= " {$h['field']} {$h['op']} {$this->_escape($h['value'])}"; } - $x++; + $x ++; } return $ret; @@ -1564,9 +1532,8 @@ class db_helper $ret .= " {$ord['field']} {$ord['sort']},"; } - $ret = substr($ret, 0, -1); - } - elseif (is_string($order)) { + $ret = substr($ret, 0, - 1); + } elseif (is_string($order)) { $ret .= " ORDER BY {$order}"; } @@ -1586,17 +1553,15 @@ class db_helper return; } - if (!is_a($args[0], "mysqli")) { + if (! is_a($args[0], "mysqli")) { return; - } - else { + } else { $conn = $args[0]; } - if (!is_string($args[1])) { + if (! is_string($args[1])) { return; - } - else { + } else { $sql = $args[1]; } 
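Review bot: The array form of `IN` in `having()` builds its list with `implode("', '", $h['value'])`, so the elements are quoted by hand but never escaped, while the same case in `where()` passes each element through `_escape`. A value containing a quote character therefore ends the list early and changes the statement. Using the same construction as `where()` closes the gap: `$ret .= " {$h['field']} IN (" . implode(",", array_map([$this, '_escape'], $h['value'])) . ")";`. The `LIKE` and string-`IN` branches directly above it interpolate `$h['value']` the same way and deserve the same treatment. `having()` starts in the preceding hunk.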
@@ -1607,12 +1572,12 @@ class db_helper } } - if (!$stmt = $conn->prepare($sql)) { + if (! $stmt = $conn->prepare($sql)) { print $conn->error . PHP_EOL; return; } - if (!$stmt->execute()) { + if (! $stmt->execute()) { print "Execution of prepared statement failed: (" . $stmt->errno . ") " . $stmt->error . PHP_EOL; return false; } @@ -1629,23 +1594,21 @@ class db_helper { $args = func_get_args(); $conn = null; - $ret = []; + $ret = []; if (is_array($args) && count($args) < 2) { return; } - if (!is_a($args[0], "mysqli")) { + if (! is_a($args[0], "mysqli")) { return; - } - else { + } else { $conn = $args[0]; } - if (!is_string($args[1])) { + if (! is_string($args[1])) { return; - } - else { + } else { $sql = $args[1]; } @@ -1656,40 +1619,42 @@ class db_helper } } - if (!$stmt = $conn->prepare($sql)) { + if (! $stmt = $conn->prepare($sql)) { print $conn->error . PHP_EOL; return; } - if (!$stmt->execute()) { + if (! $stmt->execute()) { print "Execution of prepared statement failed: (" . $stmt->errno . ") " . $stmt->error . PHP_EOL; return; } - $meta = $stmt->result_metadata(); - $fields = $fieldNames = []; + $meta = $stmt->result_metadata(); + $fields = $fieldNames = []; while ($field = $meta->fetch_field()) { - $fieldNames[] = $var = $field->name; - $$var = null; + $fieldNames[] = $var = $field->name; + $$var = null; $fields[$var] = &$$var; } $fieldCount = (is_array($fieldNames) ? count($fieldNames) : 0); - call_user_func_array(array($stmt, "bind_result"), $fields); + call_user_func_array(array( + $stmt, + "bind_result" + ), $fields); $i = 0; while ($stmt->fetch()) { - for ($r = 0; $r < $fieldCount; $r++) { + for ($r = 0; $r < $fieldCount; $r ++) { $ret[$i][$fieldNames[$r]] = $fields[$fieldNames[$r]]; } } if (is_array($ret) && count($ret) == 1) { return $ret[0]; - } - else { + } else { return $ret; } } 
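Review bot: In the `while ($stmt->fetch())` loop `$i` is initialised to `0` and never incremented, so every row is written to `$ret[0]` and a multi-row result collapses to its last row. The `count($ret) == 1` check that follows then returns that row as if the query had produced a single record. Add `$i++;` after the inner `for` loop, inside the `while` body. The failure paths in these hunks also `print` `$conn->error` and `$stmt->error` to the output; routing them to `error_log()` keeps driver messages out of the response. The function begins in the preceding hunk.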
@@ -1702,23 +1667,21 @@ class db_helper { $args = func_get_args(); $conn = null; - $sql = ''; + $sql = ''; if (is_array($args) && count($args) < 3) { return; } - if (!is_a($args[0], "mysqli")) { + if (! is_a($args[0], "mysqli")) { return; - } - else { + } else { $conn = $args[0]; } - if (!is_string($args[1])) { + if (! is_string($args[1])) { return; - } - else { + } else { $sql = $args[1]; } 
@@ -1757,26 +1720,106 @@ class db * Array of words to be removed */ private $DISALLOWED = array( - 'the', 'be', 'to', 'of', 'and', - 'a', 'in', 'that', 'have', 'I', - 'it', 'for', 'not', 'on', 'with', - 'he', 'as', 'you', 'do', 'at', - 'this', 'but', 'his', 'by', 'from', - 'they', 'we', 'say', 'her', 'she', - 'or', 'an', 'will', 'my', 'one', - 'all', 'would', 'there', 'their', 'what', - 'so', 'up', 'out', 'if', 'about', - 'who', 'get', 'which', 'go', 'me', - 'when', 'make', 'can', 'like', 'time', - 'no', 'just', 'him', 'know', 'take', - 'people', 'into', 'year', 'your', 'good', - 'some', 'could', 'them', 'see', 'other', - 'than', 'then', 'now', 'look', 'only', - 'come', 'its', 'over', 'think', 'also', - 'back', 'after', 'use', 'two', 'how', - 'our', 'work', 'first', 'well', 'way', - 'even', 'new', 'want', 'because', 'any', - 'these', 'give', 'day', 'most', 'us' + 'the', + 'be', + 'to', + 'of', + 'and', + 'a', + 'in', + 'that', + 'have', + 'I', + 'it', + 'for', + 'not', + 'on', + 'with', + 'he', + 'as', + 'you', + 'do', + 'at', + 'this', + 'but', + 'his', + 'by', + 'from', + 'they', + 'we', + 'say', + 'her', + 'she', + 'or', + 'an', + 'will', + 'my', + 'one', + 'all', + 'would', + 'there', + 'their', + 'what', + 'so', + 'up', + 'out', + 'if', + 'about', + 'who', + 'get', + 'which', + 'go', + 'me', + 'when', + 'make', + 'can', + 'like', + 'time', + 'no', + 'just', + 'him', + 'know', + 'take', + 'people', + 'into', + 'year', + 'your', + 'good', + 'some', + 'could', + 'them', + 'see', + 'other', + 'than', + 'then', + 'now', + 'look', + 'only', + 'come', + 'its', + 'over', + 'think', + 'also', + 'back', + 'after', + 'use', + 'two', + 'how', + 'our', + 'work', + 'first', + 'well', + 'way', + 'even', + 'new', + 'want', + 'because', + 'any', + 'these', + 'give', + 'day', + 'most', + 'us' ); /** 
@@ -1805,24 +1848,23 @@ class db /** * Constructor function to instantiate a new DB object and connection * - * @param bool $persistent [optional] + * @param bool $persistent + * [optional] */ public function __construct($persistent = false) { // attempt to create a new database connection $host = ($persistent ? "p:" : "") . DB_SERVER; if (class_exists('mysqli')) { - $pwd = self::decrypt_pwd(); + $pwd = self::decrypt_pwd(); $this->conn = new mysqli($host, 'web', $pwd, 'sagacity'); - } - else { + } else { die("Could not find the mysqli class"); } // if there is a problem output that if ($this->conn->connect_errno && $this->conn->connect_errno == 1045) { die("Invalid database username and/or password"); - } - elseif ($this->conn->connect_errno) { + } elseif ($this->conn->connect_errno) { error_log("Error connecting to " . DB_SERVER . " " . $this->conn->connect_error); die("Error connecting to " . DB_SERVER); } @@ -1841,12 +1883,12 @@ class db */ public static function decrypt_pwd() { - if (!file_exists(DOC_ROOT . "/" . PWD_FILE)) { + if (! file_exists(DOC_ROOT . "/" . PWD_FILE)) { die("Cannot connect to the database because the password file does not exist"); } $enc_pwd = file_get_contents(DOC_ROOT . "/" . PWD_FILE); - $pwd = my_decrypt($enc_pwd); + $pwd = my_decrypt($enc_pwd); return $pwd; } @@ -1854,8 +1896,7 @@ class db /** * Get the ID of the last command that was executed * - * @return integer - * The integer of the last primary key id inserted into whatever table + * @return integer The integer of the last primary key id inserted into whatever table */ public function get_Last_Insert_ID() { 
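Review bot: In `decrypt_pwd()`, `file_get_contents()` can still return `false` after the `file_exists()` check (an unreadable file, or one removed in between), and that value goes straight to `my_decrypt()`. Test the read itself, e.g. `if ($enc_pwd === false) { die("Cannot read the database password file"); }`. The path is built from `DOC_ROOT`; if that constant is the web server's document root, the encrypted password file can be fetched over HTTP unless the server denies it, which this hunk cannot confirm, so keeping the file outside the served tree is safer. The method is also `public static`, so any code in the application can obtain the plaintext database password. `private` would be enough for the constructor's `self::decrypt_pwd()` call if nothing else uses it.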
@@ -1866,26 +1907,25 @@ class db /** * Function to get an advisory from the database * - * @param string $advisory_id [optional] - * String with advisory ID to specifically find + * @param string $advisory_id + * [optional] + * String with advisory ID to specifically find * - * @return array:advisory|NULL - * Returns array of advisory objects or NULL if nothing is found in the database + * @return array:advisory|NULL Returns array of advisory objects or NULL if nothing is found in the database */ public function get_Advisory($advisory_id = null) { $ret = []; - if (!is_null($advisory_id)) { + if (! is_null($advisory_id)) { $this->help->select("sagacity.advisories", null, array( array( 'field' => 'advisory_id', - 'op' => '=', + 'op' => '=', 'value' => $advisory_id ) )); - } - else { + } else { $this->help->select("sagacity.advisories", null, []); } @@ -1894,8 +1934,7 @@ class db $ret[] = new advisory($row['pdi_id'], $row['advisory_id'], $row['reference'], $row['type'], $row['url']); } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } @@ -1906,10 +1945,9 @@ class db * Update or insert an advisory * * @param array:advisory $advisories - * Array of advisory class objects to save/update to database + * Array of advisory class objects to save/update to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Advisory($advisories) { @@ -1937,7 +1975,7 @@ class db $this->help->extended_replace("sagacity.advisories", $fields, $values); - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); 
@@ -1952,21 +1990,21 @@ class db /** * Get ST&E category data * - * @param integer $int_Cat_ID [optional] - * Grab specific ste_cat from database (default NULL) + * @param integer $int_Cat_ID + * [optional] + * Grab specific ste_cat from database (default NULL) * - * @return array:ste_cat|NULL - * Returns an array of categories that are applicable to the specific ST&E or a specifically requested category + * @return array:ste_cat|NULL Returns an array of categories that are applicable to the specific ST&E or a specifically requested category */ public function get_Category($int_Cat_ID = null) { $where = []; - $ret = []; + $ret = []; if ($int_Cat_ID != null) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $int_Cat_ID ]; } @@ -1975,23 +2013,29 @@ class db $cats = $this->help->execute(); if (is_array($cats) && count($cats) && isset($cats['id'])) { - $cats = [0 => $cats]; + $cats = [ + 0 => $cats + ]; } if (is_array($cats) && count($cats)) { foreach ($cats as $cat) { $tmp = new ste_cat($cat['id'], $cat['ste_id'], $cat['name'], $cat['analysts']); - $this->help->select("ste_cat_sources", ['src_id'], [ + $this->help->select("ste_cat_sources", [ + 'src_id' + ], [ [ 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat['id'] ] ]); $srcs = $this->help->execute(); if (is_array($srcs) && count($srcs) && isset($srcs['src_id'])) { - $srcs = [0 => $srcs]; + $srcs = [ + 0 => $srcs + ]; } if (is_array($srcs) && count($srcs)) { @@ -2011,30 +2055,33 @@ class db /** * Function to automatically put targets in categories by operating systems
- * Skips generic OS's and targets that already assigned + * Skips generic OS's and targets that already assigned * * @param int $ste_id */ public function auto_Catorgize_Targets($ste_id) { - $this->help->select("sagacity.target t", ['t.id', 't.os_string'], [ + $this->help->select("sagacity.target t", [ + 't.id', + 't.os_string' + ], [ [ 'field' => 't.ste_id', 'value' => $ste_id ], [ - 'field' => 't.cat_id', - 'op' => IS, - 'value' => null, + 'field' => 't.cat_id', + 'op' => IS, + 'value' => null, 'sql_op' => 'AND' ], [ - 'field' => 's.cpe', - 'op' => '!=', - 'value' => 'cpe:/o:generic:generic:-', + 'field' => 's.cpe', + 'op' => '!=', + 'value' => 'cpe:/o:generic:generic:-', 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ 'JOIN sagacity.software s ON t.os_id=s.id' ] @@ -2042,20 +2089,24 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $id = 0; - $this->help->select("sagacity.ste_cat", ['id'], [ + $this->help->select("sagacity.ste_cat", [ + 'id' + ], [ [ 'field' => 'ste_id', 'value' => $ste_id ], [ - 'field' => 'name', - 'value' => trim($row['os_string']), + 'field' => 'name', + 'value' => trim($row['os_string']), 'sql_op' => 'AND' ] ]); @@ -2063,17 +2114,18 @@ class db $tmp = $this->help->execute(); if (is_array($tmp) && count($tmp) && isset($tmp['id'])) { $id = $tmp['id']; - } - else { + } else { $this->help->insert("sagacity.ste_cat", [ 'ste_id' => $ste_id, - 'name' => trim($row['os_string']) - ], true); + 'name' => trim($row['os_string']) + ], true); $id = $this->help->execute(); } if ($id) { - $this->help->update("sagacity.target", ['cat_id' => $id], [ + $this->help->update("sagacity.target", [ + 'cat_id' => $id + ], [ [ 'field' => 'id', 'value' => $row['id'] 
@@ -2090,38 +2142,36 @@ class db * * @param ste_cat $ste_cat_in * - * @return mixed - * Returns FALSE if failed, otherwise the ID of the newly inserted category + * @return mixed Returns FALSE if failed, otherwise the ID of the newly inserted category */ public function save_Category($ste_cat_in) { if (is_null($ste_cat_in->get_ID())) { $this->help->insert("sagacity.ste_cat", array( - 'ste_id' => $ste_cat_in->get_STE_ID(), - 'name' => $ste_cat_in->get_Name(), + 'ste_id' => $ste_cat_in->get_STE_ID(), + 'name' => $ste_cat_in->get_Name(), 'analysts' => $ste_cat_in->get_Analyst() )); - if (!($cat_id = $this->help->execute())) { + if (! ($cat_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } $ste_cat_in->set_ID($cat_id); - } - else { + } else { $this->help->update("sagacity.ste_cat", array( - 'name' => $ste_cat_in->get_Name(), + 'name' => $ste_cat_in->get_Name(), 'analysts' => $ste_cat_in->get_Analyst() - ), array( + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $ste_cat_in->get_ID() ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2131,7 +2181,7 @@ class db $this->help->delete("ste_cat_sources", null, [ [ 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $ste_cat_in->get_ID() ] ]); @@ -2139,9 +2189,15 @@ class db $srcs = []; foreach ($ste_cat_in->get_Sources() as $src) { - $srcs[] = [$ste_cat_in->get_ID(), $src->get_ID()]; + $srcs[] = [ + $ste_cat_in->get_ID(), + $src->get_ID() + ]; } - $this->help->extended_insert("ste_cat_sources", ['cat_id', 'src_id'], $srcs); + $this->help->extended_insert("ste_cat_sources", [ + 'cat_id', + 'src_id' + ], $srcs); $this->help->execute(); } 
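Review bot: In the `@@ -2139,9 +2189,15 @@` hunk of `save_Category()`, the result of the `$this->help->execute()` that follows `extended_insert("ste_cat_sources", …)` is discarded, whereas the insert and update earlier in the method call `debug(E_ERROR)` and `return false` on failure. The category's existing `ste_cat_sources` rows are deleted just before (the `@@ -2131,7 +2181,7 @@` hunk, presumably executed in the lines between), so a failed insert leaves the category with no sources and no signal to the caller. Check it the same way: `if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; }`. The method's final return is outside the hunk.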
@@ -2152,24 +2208,25 @@ class db * This function renames a category * * @param integer $intOldCat - * Category ID of the category to rename + * Category ID of the category to rename * @param string $strNewCatName - * New name for the category + * New name for the category * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function rename_Cat($intOldCat, $strNewCatName) { - $this->help->update("sagacity.ste_cat", array('name' => $strNewCatName), array( + $this->help->update("sagacity.ste_cat", array( + 'name' => $strNewCatName + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $intOldCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2181,22 +2238,23 @@ class db * This function deletes a category and assigns the targets to "Unassigned" * * @param integer $intCat - * ID of the category to delete + * ID of the category to delete * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function delete_Cat($intCat) { - $this->help->update("sagacity.target", array('cat_id' => null), array( + $this->help->update("sagacity.target", array( + 'cat_id' => null + ), array( array( 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2204,12 +2262,12 @@ class db $this->help->delete("sagacity.ste_cat_sources", null, array( array( 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
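Review bot: `delete_Cat()` (from the `@@ -2181,22 +2238,23 @@` hunk onward) runs four separate statements and returns `false` at the first failure without undoing the earlier ones. These are the `sagacity.target` update here, then the deletes from `ste_cat_sources`, `category_interview` and `ste_cat` in the following hunks. A failure part-way leaves targets already unassigned and child rows removed while the category row still exists. If the tables are transactional, wrapping the sequence in `$this->conn->begin_transaction();` and `$this->conn->commit();`, with `$this->conn->rollback();` on each failure path, keeps it all-or-nothing. Whether `$this->help` runs on that same connection is not visible here.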
@@ -2217,12 +2275,12 @@ class db $this->help->delete("sagacity.category_interview", null, array( array( 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2230,12 +2288,12 @@ class db $this->help->delete("sagacity.ste_cat", null, array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2247,24 +2305,25 @@ class db * This function sets the analyst that is in charge of this category * * @param integer $intCat - * Category ID to update + * Category ID to update * @param string $strAnalyst - * Name of the analyst + * Name of the analyst * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function assign_Analyst_To_Category($intCat, $strAnalyst) { $analysts = strtolower($strAnalyst) == 'none' ? null : $strAnalyst; - $this->help->update("sagacity.ste_cat", array('analysts' => $analysts), array( + $this->help->update("sagacity.ste_cat", array( + 'analysts' => $analysts + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -2276,24 +2335,25 @@ class db * This function does the move of a tgt to a new category * * @param array:integer $arrTgts - * Array of integer ID for each target to move + * Array of integer ID for each target to move * @param integer $intCat - * Category ID to reassign them to + * Category ID to reassign them to * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function move_Tgt_To_Cat($arrTgts, $intCat) { - $this->help->update("sagacity.target", array('cat_id' => $intCat), array( + $this->help->update("sagacity.target", array( + 'cat_id' => $intCat + ), array( array( 'field' => 'id', - 'op' => IN, + 'op' => IN, 'value' => $arrTgts ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2307,28 +2367,33 @@ class db * Getter function for CCE * * @param string $cce_id - * CCE ID to query for + * CCE ID to query for * * @return array:cce */ public function get_CCE($cce_id = null) { - $ret = []; + $ret = []; $where = []; - if (!is_null($cce_id)) { + if (! is_null($cce_id)) { $where[] = array( 'field' => 'cce_id', - 'op' => '=', + 'op' => '=', 'value' => $cce_id ); } - $this->help->select("sagacity.cce", array('pdi_id', 'cce_id'), $where); + $this->help->select("sagacity.cce", array( + 'pdi_id', + 'cce_id' + ), $where); $cces = $this->help->execute(); if (is_array($cces) && count($cces) && isset($cces['pdi_id'])) { - $cces = array(0 => $cces); + $cces = array( + 0 => $cces + ); } if (is_array($cces) && count($cces) && isset($cces[0])) { 
@@ -2344,36 +2409,40 @@ class db * Function to save CCE's to database * * @param array:cce|cce $cces - * An array of CCE's that need to be saved + * An array of CCE's that need to be saved * - * @return boolean - * Returns TRUE if save was successful, otherwise FALSE + * @return boolean Returns TRUE if save was successful, otherwise FALSE */ public function save_CCE($cces) { - $ret = true; - $fields = array('pdi_id', 'cce_id'); + $ret = true; + $fields = array( + 'pdi_id', + 'cce_id' + ); $params = []; if (is_array($cces)) { foreach ($cces as $cce) { - $params[] = [$cce->get_PDI_ID(), $cce->get_CCE_ID()]; + $params[] = [ + $cce->get_PDI_ID(), + $cce->get_CCE_ID() + ]; } $this->help->extended_replace("sagacity.cce", $fields, $params); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); $ret = false; } - } - else { + } else { $this->help->replace("sagacity.cce", array( 'pdi_id' => $cces->get_PDI_ID(), 'cce_id' => $cces->get_CCE_ID() )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); $ret = false; } @@ -2390,11 +2459,11 @@ class db $this->help->select("sagacity.cci"); - if (!is_null($cci_id)) { + if (! is_null($cci_id)) { $this->help->select("sagacity.cci", null, array( array( 'field' => 'cci_id', - 'op' => '=', + 'op' => '=', 'value' => $cci_id ) )); 
@@ -2404,28 +2473,28 @@ class db if (is_array($ccis) && count($ccis)) { foreach ($ccis as $cci_data) { - $cci = new cci(); - $cci->cci_id = $cci_data['cci_id']; + $cci = new cci(); + $cci->cci_id = $cci_data['cci_id']; $cci->definition = $cci_data['definition']; - $cci->type = $cci_data['type']; - $cci->param = $cci_data['param']; - $cci->note = $cci_data['note']; + $cci->type = $cci_data['type']; + $cci->param = $cci_data['param']; + $cci->note = $cci_data['note']; $this->help->select("sagacity.cci_refs", null, array( array( 'field' => 'cci_id', - 'op' => '=', + 'op' => '=', 'value' => $cci_data['cci_id'] ) )); $refs = $this->help->execute(); if (is_array($refs) && count($refs)) { foreach ($refs as $ref_data) { - $ref = new cci_reference(); + $ref = new cci_reference(); $ref->index = $ref_data['index']; - $ref->url = $ref_data['url']; + $ref->url = $ref_data['url']; $ref->title = $ref_data['title']; - $ref->ver = $ref_data['ver']; + $ref->ver = $ref_data['ver']; $cci->refs[] = $ref; } @@ -2433,8 +2502,7 @@ class db $ret[] = $cci; } - } - else { + } else { $this->help->debug(E_ERROR); } @@ -2443,10 +2511,10 @@ class db /** * Get eMASS CCI Map + * * @author Matt Shuter * - * @return array - * Array of CCI-eMASS control mappings + * @return array Array of CCI-eMASS control mappings */ public function get_EMASS_CCIs() { 
@@ -2478,22 +2546,26 @@ class db ]; } $this->help->extended_insert('rmf.cci', array( - 'id', 'control_id', 'enh_id', 'def', 'guidance', 'procedure' - ), $ccis, true); - } - else { + 'id', + 'control_id', + 'enh_id', + 'def', + 'guidance', + 'procedure' + ), $ccis, true); + } else { $cci_id = preg_replace("/CCI\-[0]+/", "CCI-", $cci_in->cci_id); $this->help->insert('rmf.cci', array( - 'cci_id' => $cci_id, + 'cci_id' => $cci_id, 'control_id' => $cci_in->control_id, - 'enh_id' => $cci_in->enh_id, - 'def' => $cci_in->definition, - 'guidance' => $cci_in->guidance, - 'procedure' => $cci_in->procedure - ), true); + 'enh_id' => $cci_in->enh_id, + 'def' => $cci_in->definition, + 'guidance' => $cci_in->guidance, + 'procedure' => $cci_in->procedure + ), true); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2510,14 +2582,16 @@ class db */ public function save_EMASS_CCIs($ccis_in) { - $ret = false; - $columns = array('id', 'control'); + $ret = false; + $columns = array( + 'id', + 'control' + ); $this->help->extended_insert('rmf.emass_cci', $columns, $ccis_in, true); if ($this->help->execute()) { $ret = true; - } - else { + } else { $this->help->debug(E_ERROR); } @@ -2529,13 +2603,14 @@ class db /** * Get a checklist * - * @param mixed $Checklist_ID [optional] - * Checklist ID to query for (default NULL) - * @param boolean $ord_desc [optional] - * Decide if you want to order to return from newest release + * @param mixed $Checklist_ID + * [optional] + * Checklist ID to query for (default NULL) + * @param boolean $ord_desc + * [optional] + * Decide if you want to order to return from newest release * - * @return array:checklist - * Returns an array of checklists, or an empty array if none found + * @return array:checklist Returns an array of checklists, or an empty array if none found */ public function get_Checklist($Checklist_ID = null, $ord_desc = false) { 
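Review bot: In the `@@ -2478,22 +2546,26 @@` hunk, the two branches write the CCI identifier to different columns of `rmf.cci`: the bulk `extended_insert` lists `'id'` as its first column, while the single-row `insert` uses the key `'cci_id'`. Unless the table has both columns, one branch fails or stores the identifier in the wrong place; the schema is not visible here, so confirm the right name and use it in both. The single-row branch also normalises the identifier with `preg_replace("/CCI\-[0]+/", "CCI-", …)`. The rows for the bulk branch are built above this hunk, so check they get the same normalisation before insert.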
@@ -2554,60 +2629,57 @@ class db 'type', 'icon' ]); - } - else { + } else { $this->help->select("sagacity.checklist", null); } $where = []; - if (!is_null($Checklist_ID)) { + if (! is_null($Checklist_ID)) { if (is_numeric($Checklist_ID)) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $Checklist_ID ]; - } - elseif (is_array($Checklist_ID)) { + } elseif (is_array($Checklist_ID)) { if (isset($Checklist_ID['checklist_id'])) { $where[] = [ 'field' => 'checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $Checklist_ID['checklist_id'] ]; } if (isset($Checklist_ID['type'])) { $where[] = [ - 'field' => 'type', - 'op' => '=', - 'value' => $Checklist_ID['type'], + 'field' => 'type', + 'op' => '=', + 'value' => $Checklist_ID['type'], 'sql_op' => 'AND' ]; } if (isset($Checklist_ID['version'])) { $where[] = [ - 'field' => 'ver', - 'op' => '=', - 'value' => $Checklist_ID['version'], + 'field' => 'ver', + 'op' => '=', + 'value' => $Checklist_ID['version'], 'sql_op' => 'AND' ]; } if (isset($Checklist_ID['release'])) { $where[] = [ - 'field' => 'release', - 'op' => '=', - 'value' => $Checklist_ID['release'], + 'field' => 'release', + 'op' => '=', + 'value' => $Checklist_ID['release'], 'sql_op' => 'AND' ]; } - } - else { + } else { $where[] = [ 'field' => 'checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $Checklist_ID ]; } 
@@ -2622,20 +2694,43 @@ class db $flags = [ 'group' => 'type', 'order' => [ - ['field' => 'name', 'sort' => 'asc'], - ['field' => 'type', 'sort' => 'asc'], - ['field' => 'ver', 'sort' => 'desc'], - ['field' => 'LPAD(`release`,2,0)', 'sort' => 'desc'] + [ + 'field' => 'name', + 'sort' => 'asc' + ], + [ + 'field' => 'type', + 'sort' => 'asc' + ], + [ + 'field' => 'ver', + 'sort' => 'desc' + ], + [ + 'field' => 'LPAD(`release`,2,0)', + 'sort' => 'desc' + ] ] ]; - } - else { + } else { $flags = [ 'order' => [ - ['field' => 'name', 'sort' => 'asc'], - ['field' => 'type', 'sort' => 'asc'], - ['field' => 'ver', 'sort' => 'asc'], - ['field' => 'LPAD(`release`,2,0)', 'sort' => 'asc'] + [ + 'field' => 'name', + 'sort' => 'asc' + ], + [ + 'field' => 'type', + 'sort' => 'asc' + ], + [ + 'field' => 'ver', + 'sort' => 'asc' + ], + [ + 'field' => 'LPAD(`release`,2,0)', + 'sort' => 'asc' + ] ] ]; } 
@@ -2646,32 +2741,32 @@ class db $rows = $this->help->execute(); if (isset($rows['id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows)) { foreach ($rows as $row) { - $chk = new checklist( - $row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon'] - ); + $chk = new checklist($row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon']); /* - $this->help->select("sagacity.checklist_software_lookup", array('sw_id'), array( - array( - 'field' => 'chk_id', - 'op' => '=', - 'value' => $row['id'] - ) - )); - $sw_rows = $this->help->execute(); - if (count($sw_rows)) { - if (isset($sw_rows['sw_id'])) { - $sw_rows = array(0 => $sw_rows); - } - - foreach ($sw_rows as $row2) { - $chk->add_SW($this->get_Software($row2['sw_id'])); - } - } + * $this->help->select("sagacity.checklist_software_lookup", array('sw_id'), array( + * array( + * 'field' => 'chk_id', + * 'op' => '=', + * 'value' => $row['id'] + * ) + * )); + * $sw_rows = $this->help->execute(); + * if (count($sw_rows)) { + * if (isset($sw_rows['sw_id'])) { + * $sw_rows = array(0 => $sw_rows); + * } + * + * foreach ($sw_rows as $row2) { + * $chk->add_SW($this->get_Software($row2['sw_id'])); + * } + * } */ $ret[] = $chk; } 
@@ -2699,14 +2794,18 @@ class db $rows = $this->help->execute(); if (isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { - $chk = new checklist($row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon']); - /**/ - $this->help->select("sagacity.checklist_software_lookup", ['sw_id'], [ + $chk = new checklist($row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon']); + /* */ + $this->help->select("sagacity.checklist_software_lookup", [ + 'sw_id' + ], [ [ 'field' => 'chk_id', 'value' => $row['id'] @@ -2715,7 +2814,9 @@ class db $sw_rows = $this->help->execute(); if (is_array($sw_rows) && count($sw_rows)) { if (isset($sw_rows['sw_id'])) { - $sw_rows = [0 => $sw_rows]; + $sw_rows = [ + 0 => $sw_rows + ]; } foreach ($sw_rows as $row2) { 
@@ -2734,38 +2835,41 @@ class db * Function to retrieve the most current checklist for a given software package * * @param software $software - * Software of which to look for checklists + * Software of which to look for checklists * - * @return array:checklist - * Returns an array of checklists that this software ties to. Otherwise, an empty array + * @return array:checklist Returns an array of checklists that this software ties to. Otherwise, an empty array */ public function get_Latest_Checklist_By_Software($software) { $ret = []; $this->help->create_table("c", true, $this->help->select("sagacity.checklist", null, [], array( - 'order' => '`ver` DESC, CONVERT(`release`, DECIMAL(4,2)) DESC' + 'order' => '`ver` DESC, CONVERT(`release`, DECIMAL(4,2)) DESC' ))); - if (!$this->help->execute()) { + if (! $this->help->execute()) { return $ret; } - $this->help->select("c", array('c.id'), array( + $this->help->select("c", array( + 'c.id' + ), array( array( 'field' => 'csl.sw_id', - 'op' => '=', + 'op' => '=', 'value' => $software->get_ID() ) - ), array( + ), array( 'table_joins' => array( "JOIN sagacity.checklist_software_lookup csl ON csl.chk_id=c.id" ), - 'group' => 'c.name,c.type', - 'order' => 'c.name' + 'group' => 'c.name,c.type', + 'order' => 'c.name' )); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { 
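Review bot: In `get_Latest_Checklist_By_Software()`, "latest" relies on the sort order of the temporary table `c` surviving the `'group' => 'c.name,c.type'` in the second query, which selects the ungrouped `c.id`. MySQL does not promise which row of a group supplies a non-aggregated column, and with `ONLY_FULL_GROUP_BY` enabled the statement is rejected, so the method can return an older checklist or nothing at all. This assumes the helper emits `group` as a plain GROUP BY clause, which the hunk does not show. Until the query selects the newest row explicitly, record the dependency next to it: `// relies on GROUP BY keeping the first row of the ordered temp table; MySQL does not guarantee this`. The loop that builds the return value is outside the hunk.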
@@ -2784,19 +2888,20 @@ class db * Get a summary of checklist stats * * @param integer $cat_id - * Integer category ID to get the summary on + * Integer category ID to get the summary on * - * @return NULL|array:targets,checklist,string - * Returns an associative array of target (id & name), checklists, and a summary that joins the two + * @return NULL|array:targets,checklist,string Returns an associative array of target (id & name), checklists, and a summary that joins the two */ public function get_Checklist_Summary($cat_id) { - $where = array(array( + $where = array( + array( 'field' => 't.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? IS : '='), 'value' => $cat_id - )); - $tgts = []; + ) + ); + $tgts = []; $chklsts = []; $summary = []; 
@@ -2804,59 +2909,73 @@ class db 'table_joins' => array( "LEFT JOIN sagacity.target t ON t.id=tc.tgt_id" ), - 'group' => 't.id' + 'group' => 't.id' )); $tgt_rows = $this->help->execute(); if (is_array($tgt_rows) && count($tgt_rows) && isset($tgt_rows['name'])) { - $tgt_rows = array(0 => $tgt_rows); + $tgt_rows = array( + 0 => $tgt_rows + ); } if (is_array($tgt_rows) && count($tgt_rows) && isset($tgt_rows[0])) { foreach ($tgt_rows as $row) { $tgts[$row['id']] = $row['name']; } - } - else { + } else { $this->help->debug(E_ERROR); } - $this->help->select("sagacity.target_checklist tc", array('c.id', 'c.name', 'c.type', 'c.ver', 'c.`release`'), $where, array( + $this->help->select("sagacity.target_checklist tc", array( + 'c.id', + 'c.name', + 'c.type', + 'c.ver', + 'c.`release`' + ), $where, array( 'table_joins' => array( "LEFT JOIN sagacity.checklist c ON tc.chk_id=c.id", "LEFT JOIN sagacity.target t ON tc.tgt_id=t.id" ), - 'group' => 'c.id', - 'order' => 'c.name' + 'group' => 'c.id', + 'order' => 'c.name' )); $chk_rows = $this->help->execute(); if (is_array($chk_rows) && count($chk_rows) && isset($chk_rows['id'])) { - $chk_rows = array(0 => $chk_rows); + $chk_rows = array( + 0 => $chk_rows + ); } if (is_array($chk_rows) && count($chk_rows) && isset($chk_rows[0])) { foreach ($chk_rows as $row) { $chklsts[$row['id']] = "{$row['name']} V{$row['ver']}R{$row['release']} (" . ($row['type'] == 'iavm' ? 'IAVM' : ucfirst($row['type'])) . ")"; } - } - else { + } else { $this->help->debug(E_ERROR); } - $this->help->select("sagacity.findings f", array("COUNT(1) as 'cnt'", 'c.id', 'c.name', 'c.ver', 'c.`release`'), array( + $this->help->select("sagacity.findings f", array( + "COUNT(1) as 'cnt'", + 'c.id', + 'c.name', + 'c.ver', + 'c.`release`' + ), array( array( 'field' => 't.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? 
IS : '='), 'value' => $cat_id ), array( - 'field' => 'c.name', - 'op' => '=', - 'value' => 'Orphan', + 'field' => 'c.name', + 'op' => '=', + 'value' => 'Orphan', 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.target t ON t.id=f.tgt_id", "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id", @@ -2876,31 +2995,32 @@ class db $this->help->select_count("sagacity.target_checklist tc", [ [ 'field' => 'tc.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $host_key ], [ - 'field' => 'tc.chk_id', - 'op' => '=', - 'value' => $chk_key, + 'field' => 'tc.chk_id', + 'op' => '=', + 'value' => $chk_key, 'sql_op' => 'AND' ] ]); - } - else { - $this->help->select("sagacity.findings f", ["IF(COUNT(1) > 0, '1', '0')"], [ + } else { + $this->help->select("sagacity.findings f", [ + "IF(COUNT(1) > 0, '1', '0')" + ], [ [ 'field' => 'f.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $host_key ], [ - 'field' => 'c.name', - 'op' => '=', - 'value' => 'Orphan', + 'field' => 'c.name', + 'op' => '=', + 'value' => 'Orphan', 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id", "LEFT JOIN sagacity.checklist c ON c.id=pcl.checklist_id" @@ -2912,14 +3032,18 @@ class db } } - return ['tgts' => $tgts, 'checklists' => $chklsts, 'summary' => $summary]; + return [ + 'tgts' => $tgts, + 'checklists' => $chklsts, + 'summary' => $summary + ]; } /** * Get all checklist & targets in a category * * @param integer $cat_id - * Category ID to pull the checklists from + * Category ID to pull the checklists from * * @return NULL|array:string checklist */ 
@@ -2927,23 +3051,28 @@ class db { $chklsts = []; - $this->help->select("sagacity.target_checklist tc", array('tc.tgt_id', 'tc.chk_id'), array( + $this->help->select("sagacity.target_checklist tc", array( + 'tc.tgt_id', + 'tc.chk_id' + ), array( array( 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.target t ON tc.tgt_id = t.id", "LEFT JOIN sagacity.checklist c ON tc.chk_id = c.id" ), - 'order' => 'c.name' + 'order' => 'c.name' )); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['tgt_id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -2951,14 +3080,13 @@ class db $chk = $this->get_Checklist($row['chk_id']); if (is_array($chk) && count($chk) && isset($chk[0]) && is_a($chk[0], 'checklist')) { $chk = $chk[0]; - } - else { + } else { continue; } - $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : null; + $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : null; $chklsts[$chk->get_ID()] = array( - 'tgts' => $tgts . $row['tgt_id'] . ",", + 'tgts' => $tgts . $row['tgt_id'] . ",", 'checklist' => $chk ); } @@ -2967,16 +3095,16 @@ class db $this->help->select_count("sagacity.target t", array( array( 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ), array( - 'field' => 'pcl.checklist_id', - 'op' => '=', - 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", + 'field' => 'pcl.checklist_id', + 'op' => '=', + 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.findings f ON t.id=f.tgt_id", "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id" 
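Review bot: In the `@@ -2967,16 +3095,16 @@` hunk, the `pcl.checklist_id` condition passes a SQL subquery as its `'value'` (`"(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')"`), and the `@@ -2985,29 +3113,34 @@` hunk does the same. How the where-builder treats `'value'` is not visible here. If it escapes or binds values, this compares the column with that literal text and never matches. If it emits some values verbatim, every caller that passes request data as `'value'` depends on that rule never misfiring. Looking the id up first, as `get_Target_Checklists()` does with `select("sagacity.checklist", ['id'], …)` on `name = 'Orphan'`, and passing the resulting integer keeps values as data only.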
@@ -2985,29 +3113,34 @@ class db $count = $this->help->execute(); if ($count) { - $this->help->select("sagacity.target t", array("t.id AS 'tgt_id'", "pcl.checklist_id AS 'chk_id'"), array( + $this->help->select("sagacity.target t", array( + "t.id AS 'tgt_id'", + "pcl.checklist_id AS 'chk_id'" + ), array( array( 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ), array( - 'field' => 'pcl.checklist_id', - 'op' => '=', - 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", + 'field' => 'pcl.checklist_id', + 'op' => '=', + 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.findings f ON t.id=f.tgt_id", "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id" ), - 'group' => 't.id,pcl.checklist_id' + 'group' => 't.id,pcl.checklist_id' )); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['tgt_id'])) { - $rows2 = array(0 => $rows2); + $rows2 = array( + 0 => $rows2 + ); } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { @@ -3015,14 +3148,13 @@ class db $chk = $this->get_Checklist($row2['chk_id']); if (is_array($chk) && count($chk) && isset($chk[0]) && is_a($chk[0], 'checklist')) { $chk = $chk[0]; - } - else { + } else { continue; } - $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : ""; + $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : ""; $chklsts[$chk->get_ID()] = array( - 'tgts' => $tgts . $row2['tgt_id'] . ",", + 'tgts' => $tgts . $row2['tgt_id'] . ",", 'checklist' => $chk ); } 
@@ -3036,30 +3168,35 @@ class db * Get array of checklists for a target * * @param integer $tgt_id - * The target ID of the target we want checklists from + * The target ID of the target we want checklists from * * @return array:checklist |NULL - * Returns an array of checklists that are assigned to the requested target + * Returns an array of checklists that are assigned to the requested target */ public function get_Target_Checklists($tgt_id) { - $this->help->select("sagacity.target_checklist tc", ['c.id', 'tc.class'], [ + $this->help->select("sagacity.target_checklist tc", [ + 'c.id', + 'tc.class' + ], [ [ 'field' => 'tc.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt_id ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.checklist c ON c.id=tc.chk_id" ], - 'order' => 'c.name' + 'order' => 'c.name' ]); - $chk = []; + $chk = []; $chks = $this->help->execute(); if (isset($chks['id'])) { - $chks = [0 => $chks]; + $chks = [ + 0 => $chks + ]; } if (is_array($chks) && count($chks) && isset($chks[0])) { @@ -3072,10 +3209,12 @@ class db } // get the orphan checklist ID - $this->help->select("sagacity.checklist", ['id'], [ + $this->help->select("sagacity.checklist", [ + 'id' + ], [ [ 'field' => 'name', - 'op' => '=', + 'op' => '=', 'value' => 'Orphan' ] ]); @@ -3085,16 +3224,16 @@ class db $this->help->select_count("sagacity.pdi_checklist_lookup pcl", [ [ 'field' => 'pcl.checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $orphan['id'] ], [ - 'field' => 'f.tgt_id', - 'op' => '=', - 'value' => $tgt_id, + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt_id, 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "RIGHT JOIN sagacity.findings f ON pcl.pdi_id=f.pdi_id" ] 
@@ -3121,46 +3260,45 @@ class db */ public function get_Category_Findings($cat_id, $chk_host_list = [], $status = null, $category = null) { - $ret = []; - $stigs = []; + $ret = []; + $stigs = []; $tgt_ids = []; $where = [ [ 'field' => 'gcf.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? IS : '='), 'value' => $cat_id ] ]; - if (!is_null($status)) { + if (! is_null($status)) { $where[] = [ - 'field' => 'gcf.status', - 'op' => '=', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'gcf.status', + 'op' => '=', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'gcf.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'gcf.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { + } else { unset($where[1]['open-paren']); } } - if (!is_null($category)) { + if (! is_null($category)) { $where[] = [ - 'field' => 'gcf.cat', - 'op' => '=', - 'value' => $category, + 'field' => 'gcf.cat', + 'op' => '=', + 'value' => $category, 'sql_op' => 'AND' ]; } 
@@ -3168,50 +3306,57 @@ class db $this->help->select("sagacity.get_cat_findings gcf", null, $where); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['tgt_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { if (is_null($row['chk_icon']) || $row['chk_icon'] == '') { $worksheet_name = '(Unknown)'; - } - else { - $worksheet_name = substr($row['chk_icon'], 0, -4); + } else { + $worksheet_name = substr($row['chk_icon'], 0, - 4); } - if (!isset($ret[$worksheet_name])) { - $ret[$worksheet_name] = ['target_list' => [], 'checklists' => [], 'stigs' => []]; - $where2 = [ + if (! isset($ret[$worksheet_name])) { + $ret[$worksheet_name] = [ + 'target_list' => [], + 'checklists' => [], + 'stigs' => [] + ]; + $where2 = [ [ 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ], [ - 'field' => 'c.icon', - 'op' => LIKE, - 'value' => "'$worksheet_name%'", + 'field' => 'c.icon', + 'op' => LIKE, + 'value' => "'$worksheet_name%'", 'sql_op' => 'AND' ] ]; if (is_array($tgt_ids) && count($tgt_ids)) { $where2[] = [ - 'field' => 't.id', - 'op' => IN, - 'value' => $tgt_ids, + 'field' => 't.id', + 'op' => IN, + 'value' => $tgt_ids, 'sql_op' => 'AND' ]; } - $this->help->select("target t", ['t.class'], $where2, [ + $this->help->select("target t", [ + 't.class' + ], $where2, [ 'table_joins' => [ "LEFT JOIN target_checklist tc ON tc.tgt_id = t.id", "LEFT JOIN checklist c ON c.id=tc.chk_id" ], - 'group' => 't.class', - 'order' => "FIELD(t.class, 'S', 'FOUO', 'U')" + 'group' => 't.class', + 'order' => "FIELD(t.class, 'S', 'FOUO', 'U')" ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['class'])) { 
@@ -3219,33 +3364,31 @@ class db } } - if (!in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { + if (! in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { $ret[$worksheet_name]['checklists'][] = $row['chk_id']; } - if (!isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { + if (! isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { $ret[$worksheet_name]['target_list']["{$row['tgt_name']}"] = count($ret[$worksheet_name]['target_list']) + 6; } - if (!isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { - if (!empty($row['finding_ia_controls'])) { + if (! isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { + if (! empty($row['finding_ia_controls'])) { $ia = explode(' ', $row['finding_ia_controls']); - } - else { + } else { $ia = explode(' ', $row['ia_controls']); } - $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); + $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); $echk->set_PDI_ID($row['pdi_id']); $ret[$worksheet_name]['stigs'][$row['stig_id']] = [ - 'echecklist' => $echk, + 'echecklist' => $echk, "{$row['tgt_name']}" => $row['finding_status'], - 'chk_id' => $row['chk_id'] + 'chk_id' => $row['chk_id'] ]; - if (!in_array($row['stig_id'], $stigs)) { + if (! in_array($row['stig_id'], $stigs)) { $stigs[] = $row['stig_id']; } - } - else { + } else { $ret[$worksheet_name]['stigs'][$row['stig_id']][$row['tgt_name']] = $row['finding_status']; $ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->append_Notes($row['notes'] . PHP_EOL); } 
@@ -3259,48 +3402,47 @@ class db $where = [ [ 'field' => 'gof.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? IS : '='), 'value' => $cat_id ] ]; if (is_array($stigs) && count($stigs) && isset($stigs[0]) && is_a($stigs[0], 'stig')) { $where[] = [ - 'field' => 'gof.stig_id', - 'op' => NOT_IN, - 'value' => $stigs, + 'field' => 'gof.stig_id', + 'op' => NOT_IN, + 'value' => $stigs, 'sql_op' => 'AND' ]; } - if (!is_null($status)) { + if (! is_null($status)) { $where[] = [ - 'field' => 'gof.status', - 'op' => '=', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'gof.status', + 'op' => '=', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'gof.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'gof.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { + } else { unset($where[2]['open-paren']); } } - if (!is_null($category)) { + if (! is_null($category)) { $where[] = [ - 'field' => 'gof.cat', - 'op' => '=', - 'value' => $category, + 'field' => 'gof.cat', + 'op' => '=', + 'value' => $category, 'sql_op' => 'AND' ]; } 
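Review bot: The `unset($where[2]['open-paren']);` in the orphan-findings branch of get_Category_Findings assumes the status clause sits at index 2, which holds only when the `NOT_IN` clause above it was added. `$stigs` is filled with `$row['stig_id']` values earlier in the function, so `is_a($stigs[0], 'stig')` looks like it is never true. If so, the status clause lands at index 1, the unset is a no-op, and `'open-paren' => true` is left with no matching `'close-paren'` for any status other than 'Not Reviewed'. Address the entry just appended instead, `unset($where[count($where) - 1]['open-paren']);`, and check `count($stigs)` alone if the list is meant to hold ids. The function starts and ends outside this hunk.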
@@ -3308,27 +3450,36 @@ class db $this->help->select("sagacity.get_orphan_findings gof", null, $where); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['tgt_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { $worksheet_name = "Orphan"; - $class = ['U' => 1, 'FOUO' => 2, 'S' => 3]; + $class = [ + 'U' => 1, + 'FOUO' => 2, + 'S' => 3 + ]; foreach ($rows as $row) { - if (!isset($ret[$worksheet_name])) { - $ret[$worksheet_name] = ['target_list' => [], 'checklists' => [], 'stigs' => [], 'highest_class' => 'U']; + if (! isset($ret[$worksheet_name])) { + $ret[$worksheet_name] = [ + 'target_list' => [], + 'checklists' => [], + 'stigs' => [], + 'highest_class' => 'U' + ]; } - if (!in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { + if (! in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { $ret[$worksheet_name]['checklists'][] = $row['chk_id']; } - if (!isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { + if (! isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { $ret[$worksheet_name]['target_list'][$row['tgt_name']] = (is_array($ret[$worksheet_name]['target_list']) ? count($ret[$worksheet_name]['target_list']) + 6 : 7); - $sql2 = "SELECT t.`class` " . - "FROM `sagacity`.`target` t " . - "WHERE t.`name` = '" . $this->conn->real_escape_string($row['tgt_name']) . "'"; + $sql2 = "SELECT t.`class` " . "FROM `sagacity`.`target` t " . "WHERE t.`name` = '" . $this->conn->real_escape_string($row['tgt_name']) . "'"; if ($res2 = $this->conn->query($sql2)) { $row2 = $res2->fetch_assoc(); if (isset($class[$row2['class']]) && isset($class[$ret[$worksheet_name]['highest_class']])) { 
@@ -3339,22 +3490,20 @@ class db } } - if (!isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { - if (!empty($row['finding_ia_controls'])) { + if (! isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { + if (! empty($row['finding_ia_controls'])) { $ia = explode(" ", $row['finding_ia_controls']); - } - else { + } else { $ia = explode(" ", $row['ia_controls']); } - $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); + $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); $echk->set_PDI_ID($row['pdi_id']); $ret[$worksheet_name]['stigs'][$row['stig_id']] = [ - 'echecklist' => $echk, + 'echecklist' => $echk, $row['tgt_name'] => $row['finding_status'], - 'chk_id' => $row['chk_id'] + 'chk_id' => $row['chk_id'] ]; - } - else { + } else { $ret[$worksheet_name]['stigs'][$row['stig_id']][$row['tgt_name']] = $row['finding_status']; $ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->append_Notes($row['notes'] . "\r"); } 
@@ -3368,78 +3517,79 @@ class db * Add a checklist to database * * @param checklist $checklist_in - * The checklist that we want to add to the database + * The checklist that we want to add to the database * - * @return integer - * Returns the id of the checklist inserted, or 0 if failed + * @return integer Returns the id of the checklist inserted, or 0 if failed */ public function save_Checklist($checklist_in) { if (empty($checklist_in->id)) { $this->help->insert("sagacity.checklist", array( 'checklist_id' => $checklist_in->checklist_id, - 'name' => $checklist_in->name, - 'description' => $checklist_in->description, - 'date' => $checklist_in->date, - 'file_name' => $checklist_in->file_name, - 'release' => $checklist_in->release, - 'ver' => $checklist_in->ver, - 'type' => $checklist_in->type, - 'icon' => $checklist_in->icon - ), true); + 'name' => $checklist_in->name, + 'description' => $checklist_in->description, + 'date' => $checklist_in->date, + 'file_name' => $checklist_in->file_name, + 'release' => $checklist_in->release, + 'ver' => $checklist_in->ver, + 'type' => $checklist_in->type, + 'icon' => $checklist_in->icon + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); - } - else { + } else { $chk_id = $this->conn->insert_id; } if (is_array($checklist_in->sw) && count($checklist_in->sw)) { $fields = [ - 'chk_id', 'sw_id' + 'chk_id', + 'sw_id' ]; $params = []; foreach ($checklist_in->sw as $sw) { if (is_a($sw, 'software') && $sw->get_ID()) { - $params[] = [$chk_id, $sw->get_ID()]; + $params[] = [ + $chk_id, + $sw->get_ID() + ]; } } if (count($params)) { $this->help->extended_insert('checklist_software_lookup', $fields, $params, true); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } } } - } - else { + } else { $this->help->update('checklist', [ 'checklist_id' => $checklist_in->checklist_id, - 'name' => $checklist_in->name, - 'description' => $checklist_in->description, - 'date' => $checklist_in->date, - 'file_name' => $checklist_in->file_name, - 'release' => $checklist_in->release, - 'ver' => $checklist_in->ver, - 'type' => $checklist_in->type, - 'icon' => $checklist_in->icon - ], [ + 'name' => $checklist_in->name, + 'description' => $checklist_in->description, + 'date' => $checklist_in->date, + 'file_name' => $checklist_in->file_name, + 'release' => $checklist_in->release, + 'ver' => $checklist_in->ver, + 'type' => $checklist_in->type, + 'icon' => $checklist_in->icon + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_in->id ] ]); $chk_id = $checklist_in->id; - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } @@ -3448,24 +3598,30 @@ class db $this->help->delete("checklist_software_lookup", [ [ 'field' => 'chk_id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_in->id ] ]); $this->help->execute(); - $field = ['chk_id', 'sw_id']; + $field = [ + 'chk_id', + 'sw_id' + ]; $params = []; foreach ($checklist_in->sw as $sw) { if ($sw->get_ID()) { - $params[] = [$chk_id, $sw->get_ID()]; + $params[] = [ + $chk_id, + $sw->get_ID() + ]; } } if (is_array($params) && count($params)) { $this->help->extended_insert("checklist_software_lookup", $field, $params, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } 
@@ -3482,25 +3638,29 @@ class db * Function to retrieve CVE object * * @param string $cve_id - * CVE to query from the database + * CVE to query from the database * - * @return cve|NULL - * Returns CVE and associated references or null is nothing found + * @return cve|NULL Returns CVE and associated references or null is nothing found */ public function get_CVE($cve_id) { $cve = null; $this->help->select("sagacity.cve_db", array( - "cve_db.cve_id", "cve.pdi_id", "cve_db.seq", "cve_db.status", - "cve_db.phase", "cve_db.phase_date", "cve_db.desc" - ), array( + "cve_db.cve_id", + "cve.pdi_id", + "cve_db.seq", + "cve_db.status", + "cve_db.phase", + "cve_db.phase_date", + "cve_db.desc" + ), array( array( 'field' => 'cve_db.cve_id', - 'op' => '=', + 'op' => '=', 'value' => $cve_id ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.cve ON cve.cve_id=cve_db.cve_id" ) @@ -3518,17 +3678,21 @@ class db $cve->set_Phase_Date($row['phase_date']); $cve->set_Description($row['desc']); - $this->help->select("sagacity.iavm_to_cve itc", array("itc.noticeId"), array( + $this->help->select("sagacity.iavm_to_cve itc", array( + "itc.noticeId" + ), array( array( 'field' => "itc.cve_id", - 'op' => '=', + 'op' => '=', 'value' => $cve_id ) )); $iavm_rows = $this->help->execute(); if (is_array($iavm_rows) && count($iavm_rows) && isset($iavm_rows['noticeId'])) { - $iavm_rows = array(0 => $iavm_rows); + $iavm_rows = array( + 0 => $iavm_rows + ); } if (is_array($iavm_rows) && count($iavm_rows) && isset($iavm_rows[0])) { 
@@ -3537,17 +3701,24 @@ class db } } - $this->help->select("sagacity.cve_references", array('id', 'source', 'url', 'val'), array( + $this->help->select("sagacity.cve_references", array( + 'id', + 'source', + 'url', + 'val' + ), array( array( 'field' => 'cve_seq', - 'op' => '=', + 'op' => '=', 'value' => $cve_id ) )); $ref_rows = $this->help->execute(); if (is_array($ref_rows) && count($ref_rows) && isset($ref_rows['id'])) { - $ref_rows = array(0 => $ref_rows); + $ref_rows = array( + 0 => $ref_rows + ); } if (is_array($ref_rows) && count($ref_rows) && isset($ref_rows[0])) { @@ -3564,23 +3735,17 @@ class db * Getter function to retrieve CVE's by their link to a PDI * * @param integer $pdi_id - * PDI ID that we want to find CVE's for + * PDI ID that we want to find CVE's for * - * @return NULL|array:cve - * Returns an array of CVEs for each one found that links to a PDI or NULL if none found + * @return NULL|array:cve Returns an array of CVEs for each one found that links to a PDI or NULL if none found */ public function get_CVEs_By_PDI($pdi_id) { $ret = []; - $sql = "SELECT " . - "cve_db.`cve_id`,cve.`pdi_id`,cve_db.`seq`,cve_db.`status`," . - "cve_db.`phase`,cve_db.`phase_date`,cve_db.`desc` " . - "FROM `sagacity`.`cve_db` " . - "LEFT JOIN `sagacity`.`cve` ON cve.`cve_id` = cve_db.`cve_id` " . - "WHERE cve.`pdi_id` = " . $this->conn->real_escape_string($pdi_id); + $sql = "SELECT " . "cve_db.`cve_id`,cve.`pdi_id`,cve_db.`seq`,cve_db.`status`," . "cve_db.`phase`,cve_db.`phase_date`,cve_db.`desc` " . "FROM `sagacity`.`cve_db` " . "LEFT JOIN `sagacity`.`cve` ON cve.`cve_id` = cve_db.`cve_id` " . "WHERE cve.`pdi_id` = " . $this->conn->real_escape_string($pdi_id); if ($res = $this->conn->query($sql)) { - if (!$res->num_rows) { + if (! $res->num_rows) { return null; } while ($row = $res->fetch_assoc()) { 
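Review bot: In get_CVEs_By_PDI the `$pdi_id` argument is appended to the WHERE clause outside any quotes, so `real_escape_string()` does not restrict it to a number. That function only neutralises quote and control characters, which an unquoted numeric position does not need. The doc block declares the parameter an integer, so enforce it before building the statement with `$pdi_id = (int) $pdi_id;`, or use a prepared statement with a bound parameter. The two inner queries in the same function quote their escaped value and are not affected. The function body continues outside this hunk.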
@@ -3594,9 +3759,7 @@ class db $cve->set_Phase_Date($row['phase_date']); $cve->set_Description($row['desc']); - $sql = "SELECT itc.`noticeId` " . - "FROM `sagacity`.`iavm_to_cve` itc " . - "WHERE itc.`cve_id`='" . $this->conn->real_escape_string($cve_id) . "'"; + $sql = "SELECT itc.`noticeId` " . "FROM `sagacity`.`iavm_to_cve` itc " . "WHERE itc.`cve_id`='" . $this->conn->real_escape_string($cve_id) . "'"; if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { @@ -3606,9 +3769,7 @@ class db } } - $sql = "SELECT `id`,`source`,`url`,`val` " . - "FROM `sagacity`.`cve_references` " . - "WHERE `cve_seq`='" . $this->conn->real_escape_string($cve_id) . "'"; + $sql = "SELECT `id`,`source`,`url`,`val` " . "FROM `sagacity`.`cve_references` " . "WHERE `cve_seq`='" . $this->conn->real_escape_string($cve_id) . "'"; if ($res2 = $this->conn->query($sql)) { while ($row2 = $res2->fetch_assoc()) { @@ -3616,16 +3777,14 @@ class db } $ret[] = $cve; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
@@ -3637,19 +3796,13 @@ class db * Get a CVE from a external reference * * @param string $ext - * String of the external reference we are looking for + * String of the external reference we are looking for * - * @return cve|NULL - * Returns the CVE that references that external data point or NULL if none found + * @return cve|NULL Returns the CVE that references that external data point or NULL if none found */ public function get_CVE_From_External($ext) { - $sql = "SELECT `cve_seq` " . - "FROM `sagacity`.`cve_references` " . - "WHERE `url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . - "`val` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . - "GROUP BY `cve_seq` " . - "ORDER BY `cve_seq` DESC"; + $sql = "SELECT `cve_seq` " . "FROM `sagacity`.`cve_references` " . "WHERE `url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . "`val` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . "GROUP BY `cve_seq` " . "ORDER BY `cve_seq` DESC"; if ($res = $this->conn->query($sql)) { if ($res->num_rows) { @@ -3666,10 +3819,9 @@ class db * Update or insert a CVE * * @param array:cve $cves - * Array of CVEs to save to database + * Array of CVEs to save to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_CVE($cves) { 
@@ -3677,32 +3829,32 @@ class db foreach ($cves as $cve) { $db_cve = $this->get_CVE($cve->get_CVE()); - if (!is_null($db_cve) && is_a($db_cve, 'cve')) { + if (! is_null($db_cve) && is_a($db_cve, 'cve')) { $this->help->update("sagacity.cve_db", array( - 'status' => $cve->get_Status(), - 'phase' => $cve->get_Phase(), + 'status' => $cve->get_Status(), + 'phase' => $cve->get_Phase(), 'phase_date' => $cve->get_Phase_Date(), - 'desc' => $cve->get_Description() - ), array( + 'desc' => $cve->get_Description() + ), array( array( 'field' => 'cve_id', - 'op' => '=', + 'op' => '=', 'value' => $cve->get_CVE() ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } - if (!$db_cve->get_PDI_ID() && $cve->get_PDI_ID()) { + if (! $db_cve->get_PDI_ID() && $cve->get_PDI_ID()) { $this->help->insert("sagacity.cve", array( 'pdi_id' => $cve->get_PDI_ID(), 'cve_id' => $cve->get_CVE() )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3710,7 +3862,7 @@ class db $vals = []; foreach ($cve->get_References() as $ref) { - if (!$db_cve->ref_Exists($ref->get_Value())) { + if (! $db_cve->ref_Exists($ref->get_Value())) { $vals[] = [ $cve->get_CVE(), $ref->get_Source(), 
@@ -3721,24 +3873,28 @@ class db } if (is_array($vals) && count($vals)) { - $this->help->extended_insert("cve_references", ['cve_seq', 'source', 'url', 'val'], $vals, true); - if (!$this->help->execute()) { + $this->help->extended_insert("cve_references", [ + 'cve_seq', + 'source', + 'url', + 'val' + ], $vals, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } } - } - else { + } else { $this->help->insert("cve_db", [ - 'cve_id' => $cve->get_CVE(), - 'seq' => $cve->get_Sequence(), - 'status' => $cve->get_Status(), - 'phase' => $cve->get_Phase(), + 'cve_id' => $cve->get_CVE(), + 'seq' => $cve->get_Sequence(), + 'status' => $cve->get_Status(), + 'phase' => $cve->get_Phase(), 'phase_date' => $cve->get_Phase_Date(), - 'desc' => $cve->get_Description() - ], true); + 'desc' => $cve->get_Description() + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3747,9 +3903,9 @@ class db $this->help->insert("sagacity.cve", [ 'pdi_id' => $cve->get_PDI_ID(), 'cve_id' => $cve->get_CVE() - ], true); + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3767,8 +3923,13 @@ class db } if (is_array($ref_vals) && count($ref_vals)) { - $this->help->extended_insert("cve_references", ['cve_seq', 'source', 'url', 'val'], $ref_vals, true); - if (!$this->help->execute()) { + $this->help->extended_insert("cve_references", [ + 'cve_seq', + 'source', + 'url', + 'val' + ], $ref_vals, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3778,8 +3939,8 @@ class db if ($cve->get_XML()) { $this->help->insert("cve_web", [ 'cve_id' => $cve->get_CVE(), - 'xml' => $cve->get_XML() - ], true); + 'xml' => $cve->get_XML() + ], true); $this->help->execute(); } 
@@ -3796,39 +3957,35 @@ class db * Get an eChecklist for a checklist and list of targets * * @param mixed $ref - * The reference to search for (can consist of any data that is referenced in an eChecklist line + * The reference to search for (can consist of any data that is referenced in an eChecklist line * @param integer $chk_id * - * @return NULL|echecklist - * Returns eChecklist for associated checklists and reference + * @return NULL|echecklist Returns eChecklist for associated checklists and reference */ public function get_eChecklist($ref, $chk_id) { - $ret = null; + $ret = null; $where = []; if (is_a($ref, "stig")) { $where[] = [ 'field' => 's.stig_id', - 'op' => '=', + 'op' => '=', 'value' => $ref->get_ID() ]; - } - elseif (is_a($ref, "golddisk")) { + } elseif (is_a($ref, "golddisk")) { $where[] = [ 'field' => 'v.vms_id', - 'op' => '=', + 'op' => '=', 'value' => $ref->get_ID() ]; - } - elseif (is_a($ref, "pdi")) { + } elseif (is_a($ref, "pdi")) { $where[] = [ 'field' => 'pdi.id', - 'op' => '=', + 'op' => '=', 'value' => $ref->get_ID() ]; - } - else { + } else { error_log("No reference to search for"); return $ret; } @@ -3839,17 +3996,19 @@ class db "v.vms_id", "pdi.short_title", "IF(pdi.cat=1,'I',IF(pdi.cat=2,'II',IF(pdi.cat=3,'III',''))) as 'cat'" - ], $where, [ + ], $where, [ 'table_joins' => [ "LEFT JOIN stigs s ON s.pdi_id = pdi.id", "LEFT JOIN golddisk v ON v.pdi_id = pdi.id" ], - 'group' => 's.stig_id' + 'group' => 's.stig_id' ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
@@ -3857,23 +4016,25 @@ class db $ret = new echecklist($row['stig_id'], $row['vms_id'], $row['cat'], null, $row['short_title'], null, null, null, null); $ret->set_PDI_ID($row['pdi_id']); - $this->help->select("pdi_checklist_lookup pcl", ['pcl.check_contents'], [ + $this->help->select("pdi_checklist_lookup pcl", [ + 'pcl.check_contents' + ], [ [ 'field' => 'pcl.checklist_id', - 'op' => IN, + 'op' => IN, 'value' => (is_array($chk_id) ? implode(",", $chk_id) : $chk_id) ], [ - 'field' => 'pcl.pdi_id', - 'op' => '=', - 'value' => $row['pdi_id'], + 'field' => 'pcl.pdi_id', + 'op' => '=', + 'value' => $row['pdi_id'], 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "JOIN sagacity.checklist c ON c.id = pcl.checklist_id" ], - 'order' => "FIELD(c.`type`, 'manual', 'iavm', 'policy', 'benchmark')" + 'order' => "FIELD(c.`type`, 'manual', 'iavm', 'policy', 'benchmark')" ]); $row2 = $this->help->execute(); @@ -3898,26 +4059,23 @@ class db public function get_Filters($type, $name = null) { $ret = []; - $sql = "SELECT `type`, `name`, `criteria` " . - "FROM `sagacity`.`search_filters` " . - "WHERE `type` = '" . $this->conn->real_escape_string($type) . "'"; + $sql = "SELECT `type`, `name`, `criteria` " . "FROM `sagacity`.`search_filters` " . "WHERE `type` = '" . $this->conn->real_escape_string($type) . "'"; - if (!is_null($name)) { + if (! is_null($name)) { $sql .= " AND `name` = '" . $this->conn->real_escape_string($name) . "'"; } if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { $ret[] = array( - 'type' => $row['type'], - 'name' => $row['name'], + 'type' => $row['type'], + 'name' => $row['name'], 'criteria' => $row['criteria'] ); } return $ret; - } - else { + } else { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } 
@@ -3937,12 +4095,12 @@ class db public function save_Filter($type, $name, $criteria) { $this->help->insert("sagacity.search_filters", [ - 'name' => $name, - 'type' => $type, + 'name' => $name, + 'type' => $type, 'criteria' => $criteria ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } 
@@ -3956,89 +4114,92 @@ class db * Get finding(s) for a specific target from the database * * @param target $tgt - * The target that we want findings for - * @param stig|golddisk|iavm|nessus $ref [optional] - * Get a finding associated with a specific PDI (default null) - * @param scan $scan [optional] - * Get findings associated with a specific scan (default null) - * @param boolean $orphan_only [optional] - * Only retrieve orphaned findings (default false) - * @param string $status [optional] - * Limit the retrieval to findings with this status (default null) + * The target that we want findings for + * @param stig|golddisk|iavm|nessus $ref + * [optional] + * Get a finding associated with a specific PDI (default null) + * @param scan $scan + * [optional] + * Get findings associated with a specific scan (default null) + * @param boolean $orphan_only + * [optional] + * Only retrieve orphaned findings (default false) + * @param string $status + * [optional] + * Limit the retrieval to findings with this status (default null) * - * @return array:finding|NULL - * Returns array of findings + * @return array:finding|NULL Returns array of findings */ public function get_Finding($tgt, $ref = null, $scan = null, $orphan_only = false, $status = null) { - $ret = null; + $ret = null; $where = [ [ 'field' => 'tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt->get_ID() ] ]; - if (!is_null($scan)) { + if (! is_null($scan)) { $where[] = [ - 'field' => 'scan_id', - 'op' => '=', - 'value' => $scan->get_ID(), + 'field' => 'scan_id', + 'op' => '=', + 'value' => $scan->get_ID(), 'sql_op' => 'AND' ]; } - if (!is_null($ref) && method_exists($ref, 'get_PDI_ID')) { + if (! 
is_null($ref) && method_exists($ref, 'get_PDI_ID')) { $where[] = [ - 'field' => 'pdi_id', - 'op' => '=', - 'value' => $ref->get_PDI_ID(), + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $ref->get_PDI_ID(), 'sql_op' => 'AND' ]; } $this->help->select("sagacity.findings", null, $where); - if (!is_null($status)) { + if (! is_null($status)) { $this->help->sql = "SELECT " . - "f.`id`, {$tgt->get_ID()} as 'tgt_id', pdi.`id` as 'pdi_id', f.`scan_id`, " . - "f.`notes`, f.`change_id`, f.`orig_src`, f.`finding_itr`, f.`cat`, " . - "IF(f.`findings_status_id` IS NOT NULL, " . - "f.`findings_status_id`, " . - "(SELECT fs.`id` " . - "FROM `sagacity`.`findings_status` fs " . - "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}')" . - ") as 'findings_status' " . - "FROM `sagacity`.`pdi_catalog` pdi " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` lookup ON lookup.`pdi_id` = pdi.`id` " . - "LEFT JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = lookup.`checklist_id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pdi.`id` AND " . - "f.`tgt_id` = {$this->conn->real_escape_string($tgt->get_ID())} " . - "WHERE tc.`tgt_id` = {$tgt->get_ID()} AND " . - "(f.`findings_status_id` = (" . - "SELECT fs.`id` " . - "FROM `sagacity`.`findings_status` fs " . - "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}'" . - ") OR " . - "f.`findings_status_id` IS NULL) " . - "GROUP BY pdi.id"; + "f.`id`, {$tgt->get_ID()} as 'tgt_id', pdi.`id` as 'pdi_id', f.`scan_id`, " . + "f.`notes`, f.`change_id`, f.`orig_src`, f.`finding_itr`, f.`cat`, " . + "IF(f.`findings_status_id` IS NOT NULL, " . + "f.`findings_status_id`, " . + "(SELECT fs.`id` " . + "FROM `sagacity`.`findings_status` fs " . + "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}')" . + ") as 'findings_status' " . + "FROM `sagacity`.`pdi_catalog` pdi " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` lookup ON lookup.`pdi_id` = pdi.`id` " . 
+ "LEFT JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = lookup.`checklist_id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pdi.`id` AND f.`tgt_id` = {$tgt->get_ID()} " . + "WHERE tc.`tgt_id` = {$tgt->get_ID()} AND " . + "(f.`findings_status_id` = (" . + "SELECT fs.`id` " . + "FROM `sagacity`.`findings_status` fs " . + "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}'" . ") OR " . + "f.`findings_status_id` IS NULL) " . + "GROUP BY pdi.id"; } if ($orphan_only) { - $this->help->select("sagacity.findings f", ['f.*'], [ + $this->help->select("sagacity.findings f", [ + 'f.*' + ], [ [ 'field' => 'f.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt->get_ID() ], [ - 'field' => 'c.name', - 'op' => '=', - 'value' => 'Orphan', + 'field' => 'c.name', + 'op' => '=', + 'value' => 'Orphan', 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN pdi_checklist_lookup pcl ON f.pdi_id=pcl.pdi_id", "LEFT JOIN target_checklist tc ON tc.chk_id=pcl.checklist_id", 
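Review bot: The hand-built SELECT in the `$status` branch of get_Finding interpolates `{$tgt->get_ID()}` unquoted in three places, and this hunk drops the one `real_escape_string()` call that wrapped it on the `findings` join. That call gave no real protection in an unquoted numeric position, but the value now reaches the SQL text with no check at all. Cast once before the string is built, `$tgt_id = (int) $tgt->get_ID();`, and interpolate `{$tgt_id}` in all three places. Separately, the `if ($orphan_only)` block that follows calls `$this->help->select()` again, which presumably replaces this statement, so passing both `$status` and `$orphan_only` may silently drop the status filter. The function continues outside this hunk.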
@@ -4049,42 +4210,57 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { - $find = new finding($row['id'], $row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); + $find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); $find->set_Category($row['cat']); - $this->help->select("finding_controls", ['ia_control'], [ + $this->help->select("finding_controls", [ + 'ia_control' + ], [ [ - 'field' => 'finding_id', - 'op' => '=', - 'value' => $row['id'] + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $row['tgt_id'] + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $row['pdi_id'], + 'sql_op' => 'AND' ] ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['ia_control'])) { - $rows2 = [0 => $rows2]; + $rows2 = [ + 0 => $rows2 + ]; } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { foreach ($rows2 as $row2) { $find->add_IA_Control($row2['ia_control']); } - } - else { - $this->help->select("ia_controls", ["CONCAT(`type`, '-', `type_id`) AS 'ia_control'"], [ + } else { + $this->help->select("ia_controls", [ + "CONCAT(`type`, '-', `type_id`) AS 'ia_control'" + ], [ [ 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $row['pdi_id'] ] ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['ia_control'])) { - $rows2 = [0 => $rows2]; + $rows2 = [ + 0 => $rows2 + ]; } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { foreach ($rows2 as $row2) { 
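Review bot: The rewritten `new finding(...)` call still reads `$row['findings_status_id']`, but when `$status` is set the hand-written query assigned to `$this->help->sql` earlier in this method returns that column under the alias `findings_status`, so the constructor would receive an undefined index on that path. Either alias the column as `findings_status_id` in that query or read the key defensively, e.g. `isset($row['findings_status_id']) ? $row['findings_status_id'] : $row['findings_status']`. This assumes `execute()` returns rows keyed by the selected column names, which is not visible here. The method starts before this hunk and continues past it.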
@@ -4110,45 +4286,46 @@ class db */ public function get_Findings_by_Control($ste, $ia_ctrl, $status = null) { - if (!is_null($status)) { + if (! is_null($status)) { if ($status == "Open") { $status = " AND (fs.`status` = 'Open' OR fs.`status` = 'Exception')"; - } - else { + } else { $status = " AND fs.`status` = '" . $this->conn->real_escape_string($status) . "'"; } } - $sql = "SELECT " . - "f.`id`, f.`tgt_id`, f.`pdi_id`, f.`scan_id`, f.`findings_status_id` as 'findings_status', " . - "f.`notes`, f.`change_id`, f.`orig_src`, f.`finding_itr`, f.`cat` " . - "FROM `sagacity`.`findings` f " . - "JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "JOIN `sagacity`.`stigs` s ON s.`pdi_id` = f.`pdi_id` " . - "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . - "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " . - "WHERE t.`ste_id` = " . $ste->get_ID() . " AND " . - "fc.`ia_control` = '" . $this->conn->real_escape_string($ia_ctrl->get_Control_ID()) . "'" . - (!is_null($status) ? $status : "") . " " . - "GROUP BY f.`pdi_id` " . - "ORDER BY f.`cat`, s.`stig_id`" - ; + $sql = <<get_ID()} AND + fc.`ia_control` = '{$this->conn->real_escape_string($ia_ctrl->get_Control_ID())}' + $status +GROUP BY f.`pdi_id` +ORDER BY f.`cat`, s.`stig_id` + +EOQ; if ($res = $this->conn->query($sql)) { $ret = []; while ($row = $res->fetch_assoc()) { - $find = new finding($row['id'], $row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); + $find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); $find->set_Category($row['cat']); - $sql2 = "SELECT `ia_control` FROM `sagacity`.`finding_controls` WHERE `finding_id` = " . 
$row['id']; + $sql2 = "SELECT `ia_control` FROM `sagacity`.`finding_controls` WHERE `tgt_id` = {$row['tgt_id']} AND `pdi_id` = {$row['pdi_id']}"; if ($res2 = $this->conn->query($sql2)) { if ($res2->num_rows) { while ($row2 = $res2->fetch_assoc()) { $find->add_IA_Control($row2['ia_control']); } - } - else { + } else { $sql2 = "SELECT CONCAT(`type`, '-', `type_id`) AS 'ia_control' FROM `sagacity`.`ia_controls` WHERE `pdi_id` = " . $row['pdi_id']; if ($res2 = $this->conn->query($sql2)) { while ($row2 = $res2->fetch_assoc()) { @@ -4162,8 +4339,7 @@ class db } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -4180,12 +4356,16 @@ class db */ public function get_Affected_Hosts_by_PDI($ste, $pdi) { - $sql = "SELECT (SELECT GROUP_CONCAT(DISTINCT t.`name` SEPARATOR ', ')) AS 'name' " . - "FROM `sagacity`.`findings` f " . - "JOIN `sagacity`.`target` t ON f.`tgt_id` = t.`id` " . - "WHERE t.`ste_id` = " . $ste->get_ID() . " AND " . - "f.`pdi_id` = " . $pdi->get_ID() - ; + $sql = <<get_ID()} AND + f.`pdi_id` = {$pdi->get_ID()} + +EOQ; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['name']; @@ -4206,23 +4386,22 @@ class db $ret = []; $this->help->create_table("unaccounted_for_findings", [ [ - 'field' => 'pdi_id', + 'field' => 'pdi_id', 'datatype' => 'int(11)', - 'option' => 'UNIQUE NOT NULL' + 'option' => 'UNIQUE NOT NULL' ] ]); $this->help->execute(); $sql = "INSERT IGNORE INTO `unaccounted_for_findings` (`pdi_id`) SELECT DISTINCT(f.`pdi_id`) " . "FROM `findings` f JOIN `target` t ON t.`id` = f.`tgt_id` " . - "WHERE t.`ste_id` = " . $ste->get_ID(); + "WHERE t.`ste_id` = {$ste->get_ID()}"; $this->conn->real_query($sql); $class = 'cl'; if ($ste->get_System()->get_Classification() == 'Public') { $class = 'pub'; - } - elseif ($ste->get_System()->get_Classification() == 'Sensitive') { + } elseif ($ste->get_System()->get_Classification() == 'Sensitive') { $class = 'sen'; } 
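Review bot: The new `$sql2` string and the `{$ste->get_ID()}` term in the WHERE clause place values straight into unquoted numeric positions of the SQL text, so the query is only as safe as the guarantee that each value is an integer. Nothing visible enforces that for `$ste->get_ID()`, `$row['tgt_id']` or `$row['pdi_id']`; cast at the point of use, for example `$ste_id = (int) $ste->get_ID();` and `(int) $row['tgt_id']`, or move these lookups to the `$this->help->select()` form used elsewhere in this class. The same pattern is in the get_Affected_Hosts_by_PDI hunk (`{$ste->get_ID()}`, `{$pdi->get_ID()}`) and in the two hunks after it (`{$ste->get_ID()}`, `{$ste->get_System()->get_MAC()}`).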
@@ -4230,8 +4409,8 @@ class db "FROM `proc_level_type` plt " . "JOIN `ia_controls` ia ON CONCAT(ia.`type`, '-', ia.`type_id`) = plt.`proc_control` " . "WHERE " . - "plt.`level` = " . $ste->get_System()->get_MAC() . " AND " . - "plt.`class` = '$class')"; + "plt.`level` = {$ste->get_System()->get_MAC()} AND " . + "plt.`class` = '$class')"; $this->conn->real_query($sql); $sql = "SELECT s.`stig_id` FROM `unaccounted_for_findings` uaf JOIN `stigs` s ON s.`pdi_id` = uaf.`pdi_id`"; @@ -4242,7 +4421,7 @@ class db if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { $stig = $stig[0]; } - if (!preg_match("/^\d{5}$/", $stig->get_ID())) { + if (! preg_match("/^\d{5}$/", $stig->get_ID())) { $ret[] = $stig; } } @@ -4255,16 +4434,17 @@ class db * Get count of all findings with the status passed in * * @param integer $cat_id - * The category we are searching + * The category we are searching * @param string $status - * The status to look for - * @param integer $cat [optional] - * The CAT/severity level - * @param proc_ia_controls $ctrl [optional] - * A IA control to filter for + * The status to look for + * @param integer $cat + * [optional] + * The CAT/severity level + * @param proc_ia_controls $ctrl + * [optional] + * A IA control to filter for * - * @return integer - * Returns the number of findings in the category that have the passed in status, severity, and control + * @return integer Returns the number of findings in the category that have the passed in status, severity, and control */ public function get_Finding_Count_By_Status($cat_id, $status, $cat = null, $ctrl = null) { 
@@ -4274,8 +4454,8 @@ class db "LEFT JOIN findings f ON f.pdi_id = pcl.pdi_id AND t.id = f.tgt_id", "LEFT JOIN findings_status fs ON fs.id = f.findings_status_id" ]; - if (!is_null($ctrl)) { - $joins[] = "JOIN finding_controls fc ON fc.finding_id = f.id"; + if (! is_null($ctrl)) { + $joins[] = "JOIN finding_controls fc ON fc.tgt_id = f.tgt_id AND fc.pdi_id = f.pdi_id"; } $where = [ @@ -4284,46 +4464,47 @@ class db 'value' => $cat_id ], [ - 'field' => 'fs.status', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'fs.status', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ] ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'fs.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'fs.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { + } else { $where[] = [ 'close-paren' => true ]; } - if (!is_null($cat) && is_numeric($cat)) { + if (! is_null($cat) && is_numeric($cat)) { $where[] = [ - 'field' => 'f.cat', - 'value' => $cat, + 'field' => 'f.cat', + 'value' => $cat, 'sql_op' => 'AND' ]; } - if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { + if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { $where[] = [ - 'field' => 'fc.ia_control', - 'value' => $ctrl->get_Control_ID(), + 'field' => 'fc.ia_control', + 'value' => $ctrl->get_Control_ID(), 'sql_op' => 'AND' ]; } - $field = ($status == 'Not Reviewed' ? "COUNT(DISTINCT(pcl.pdi_id)) AS 'count'" : "COUNT(DISTINCT(f.id)) AS 'count'"); - $this->help->select_count("target t", $where, ['table_joins' => $joins]); + $field = ($status == 'Not Reviewed' ? "COUNT(DISTINCT(pcl.pdi_id)) AS 'count'" : "COUNT(DISTINCT(f.id)) AS 'count'"); + $this->help->select_count("target t", $where, [ + 'table_joins' => $joins + ]); $this->help->sql = str_replace("COUNT(1) AS 'count'", $field, $this->help->sql); $cnt = $this->help->execute(); 
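Review bot: The inner `JOIN finding_controls fc` is appended for any non-null `$ctrl`, while the matching `fc.ia_control` filter later in this method is only added when `is_a($ctrl, 'proc_ia_controls')` also holds. A non-null value of another type would therefore join the table without filtering on it, which drops findings that have no control rows from the count. Use the same guard as the orphan half of this method, `if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) {`. The method begins before this hunk and continues after it.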
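Review bot: `$field` still counts `COUNT(DISTINCT(f.id))` for every status other than 'Not Reviewed', while the rest of this commit stops passing `$row['id']` to `finding` and re-keys `finding_controls` on `tgt_id` and `pdi_id`. If the schema change behind this also removes or stops populating `findings.id` (not visible here), this count breaks; counting the pair, e.g. `COUNT(DISTINCT f.tgt_id, f.pdi_id)`, would match the new key. The same `COUNT(DISTINCT(f.id))` expression is kept in the get_STE_Finding_Count_By_Status hunk.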
@@ -4335,8 +4516,8 @@ class db "JOIN target t ON t.id = f.tgt_id" ]; - if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { - $joins[] = "JOIN finding_controls fc ON fc.finding_id = f.id"; + if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { + $joins[] = "JOIN finding_controls fc ON fc.tgt_id = f.tgt_id AND fc.pdi_id = f.pdi_id"; } $where = [ @@ -4345,50 +4526,51 @@ class db 'value' => $cat_id ], [ - 'field' => 'c.name', - 'value' => 'Orphan', + 'field' => 'c.name', + 'value' => 'Orphan', 'sql_op' => 'AND' ], [ - 'field' => 'fs.status', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'fs.status', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ] ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'fs.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'fs.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { - $where[] =[ + } else { + $where[] = [ 'close-paren' => true ]; } - if (!is_null($cat) && is_numeric($cat)) { + if (! is_null($cat) && is_numeric($cat)) { $where[] = [ - 'field' => 'f.cat', - 'value' => $cat, + 'field' => 'f.cat', + 'value' => $cat, 'sql_op' => 'AND' ]; } - if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { + if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { $where[] = [ - 'field' => 'fc.ia_control', - 'value' => $ctrl->get_Control_ID(), + 'field' => 'fc.ia_control', + 'value' => $ctrl->get_Control_ID(), 'sql_op' => 'AND' ]; } - $this->help->select_count("checklist c", $where, array('table_joins' => $joins)); + $this->help->select_count("checklist c", $where, array( + 'table_joins' => $joins + )); $this->help->sql = str_replace("COUNT(1) AS 'count'", $field, $this->help->sql); $cnt += $this->help->execute(); 
@@ -4400,55 +4582,66 @@ class db * Get count of all findings with the status passed in * * @param ste $ste - * The category we are searching + * The category we are searching * @param string $status - * The status to look for + * The status to look for * @param integer $cat - * The CAT/severity level + * The CAT/severity level * @param proc_ia_controls $ctrl - * A IA control to filter for + * A IA control to filter for * - * @return integer - * Returns the number of findings with status + * @return integer Returns the number of findings with status */ public function get_STE_Finding_Count_By_Status($ste, $status, $cat = null, $ctrl = null) { - $sql = "SELECT " . - ($status == 'Not Reviewed' ? "(SELECT COUNT(DISTINCT(pcl.`pdi_id`))" : "(SELECT COUNT(DISTINCT(f.`id`))") . - "FROM `sagacity`.`target` t " . - "LEFT JOIN `sagacity`.`target_checklist` tc ON t.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`ste_id` = " . $this->conn->real_escape_string($ste->get_ID()) . " AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - ")" . - " + " . - ($status == 'Not Reviewed' ? "(SELECT COUNT(DISTINCT(pcl.`pdi_id`))" : "(SELECT COUNT(DISTINCT(f.`id`))") . - "FROM `sagacity`.`checklist` c " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` " . 
- "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`ste_id` = " . $this->conn->real_escape_string($ste->get_ID()) . " AND " . - "c.`name` = 'Orphan' AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - ") AS 'sum_count'"; + $field = ($status == 'Not Reviewed' ? "SELECT COUNT(DISTINCT(pcl.`pdi_id`))" : "SELECT COUNT(DISTINCT(f.`id`))"); + $ctrl_join = (! is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " : ""); + $status_clause = ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : ""); + $cat_clause = (! is_null($cat) ? "AND f.`cat` = $cat " : ""); + $ctrl_clause = (! is_null($ctrl) ? 
"AND fc.`ia_control` = '{$ctrl->get_Control_ID()}' " : ""); + $sql = <<conn->real_escape_string($ste->get_ID())} AND + ( + fs.`status` = '{$this->conn->real_escape_string($status)}' + $status_clause + ) + $cat_clause + $ctrl_clause +) + + +( + $field + FROM `sagacity`.`checklist` c + LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` + LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` + LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` + JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` + $ctrl_join + WHERE + t.`ste_id` = {$this->conn->real_escape_string($ste->get_ID())} AND + c.`name` = 'Orphan' AND + ( + fs.`status` = '{$this->conn->real_escape_string($status)}' + $status_clause + ) + $cat_clause + $ctrl_clause +) AS 'sum_count' + +EOQ; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['sum_count']; - } - else { + } else { return 0; } } 
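Review bot: `$cat_clause` and `$ctrl_clause` interpolate `$cat` and `$ctrl->get_Control_ID()` into the statement with no validation or escaping, and wrapping `$ste->get_ID()` in `real_escape_string()` does not protect a value placed in an unquoted numeric position, because there is no quote for the escaping to preserve. Validate `$cat` as numeric (the sibling get_Finding_Count_By_Status already checks `is_numeric($cat)`), cast the id to int, and escape the control id inside its quotes; a prepared statement with bound parameters would remove the need for all three. The same unescaped `$cat` and `get_Control_ID()` terms appear in the get_Host_Finding_Count_By_Status and get_Control_Finding_Count hunks below.

```php
$ste_id = (int) $ste->get_ID();
// … unchanged: $field, $ctrl_join, $status_clause …
$cat_clause = (is_numeric($cat) ? "AND f.`cat` = " . (int) $cat . " " : "");
$ctrl_clause = (! is_null($ctrl) ? "AND fc.`ia_control` = '" . $this->conn->real_escape_string($ctrl->get_Control_ID()) . "' " : "");
// … unchanged: query text, except that both WHERE clauses use the cast id …
        t.`ste_id` = {$ste_id} AND
```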
@@ -4457,61 +4650,60 @@ class db * Get count of all findings with the status passed in * * @param target $tgt - * The target we are searching + * The target we are searching * @param string $status - * The status to look for - * @param integer $cat [optional] - * The CAT/severity level - * @param proc_ia_controls $ctrl [optional] - * A IA control to filter for - * @param array $chk_ids [optional] - * @param boolean $is_orphan [optional] + * The status to look for + * @param integer $cat + * [optional] + * The CAT/severity level + * @param proc_ia_controls $ctrl + * [optional] + * A IA control to filter for + * @param array $chk_ids + * [optional] + * @param boolean $is_orphan + * [optional] * - * @return integer - * Returns the number of findings with status 'False Positives' + * @return integer Returns the number of findings with status 'False Positives' */ public function get_Host_Finding_Count_By_Status($tgt, $status, $cat = null, $ctrl = null, $chk_ids = null, $is_orphan = false) { - if (!$is_orphan) { + if (! $is_orphan) { $sql = "SELECT (SELECT COUNT(DISTINCT(pcl.`pdi_id`)) " . - "FROM `sagacity`.`target` t " . - "LEFT JOIN `sagacity`.`target_checklist` tc ON t.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`id` = " . $this->conn->real_escape_string($tgt->get_ID()) . " AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - (!is_null($chk_ids) ? "AND pcl.`checklist_id` IN (" . 
implode(", ", $chk_ids) . ") " : "") . - ")"; - } - else { + "FROM `sagacity`.`target` t " . + "LEFT JOIN `sagacity`.`target_checklist` tc ON t.`id` = tc.`tgt_id` " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . + (! is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " : "") . + "WHERE t.`id` = {$this->conn->real_escape_string($tgt->get_ID())} AND " . + "(fs.`status` = '{$this->conn->real_escape_string($status)}' " . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . ") " . + (! is_null($cat) ? "AND f.`cat` = $cat " : "") . + (! is_null($ctrl) ? "AND fc.`ia_control` = '{$ctrl->get_Control_ID()}' " : "") . + (! is_null($chk_ids) ? "AND pcl.`checklist_id` IN (" . implode(", ", $chk_ids) . ") " : "") . + ")"; + } else { $sql = "SELECT (SELECT COUNT(DISTINCT(pcl.`pdi_id`)) " . - "FROM `sagacity`.`checklist` c " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`id` = " . $this->conn->real_escape_string($tgt->get_ID()) . " AND " . - "c.`name` = 'Orphan' AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - ")"; + "FROM `sagacity`.`checklist` c " . 
+ "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . + "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . + (! is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " : "") . + "WHERE t.`id` = {$this->conn->real_escape_string($tgt->get_ID())} AND " . + "c.`name` = 'Orphan' AND " . + "(fs.`status` = '{$this->conn->real_escape_string($status)}' " . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . ") " . + (! is_null($cat) ? "AND f.`cat` = $cat " : "") . + (! is_null($ctrl) ? "AND fc.`ia_control` = '{$ctrl->get_Control_ID()}' " : "") . + ")"; } $sql .= " AS 'sum_count'"; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['sum_count']; - } - else { + } else { return 0; } } 
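Review bot: `implode(", ", $chk_ids)` puts every element of `$chk_ids` into the `IN (...)` list as-is, so any non-integer element becomes part of the SQL text, and an empty array yields `IN ()`, which MySQL rejects. Coerce the elements and skip the clause when the list is empty, e.g. `implode(", ", array_map('intval', $chk_ids))` guarded by `! empty($chk_ids)`. The docblock in this hunk also still says the method returns findings with status 'False Positives' although it filters on the `$status` argument, and `$chk_ids` and `$is_orphan` have no description.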
@@ -4528,85 +4720,44 @@ class db public function get_Control_Finding_Count($ctrl, $ste, $status, $cat = null) { $sql = "SELECT " . - "IFNULL((SELECT COUNT(1) " . - "FROM `target` t " . - "LEFT JOIN `target_checklist` tc ON t.`id` = tc.`tgt_id` " . - "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . - "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . - "LEFT JOIN `findings_status` fs ON fs.`id` = f.`findings_status_id` " . - "LEFT JOIN `finding_controls` fc ON fc.`finding_id` = f.`id` " . - "WHERE " . - "(fs.`status` = '$status' " . - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") AND " . - (!is_null($cat) ? "f.`cat` = $cat AND " : "") . - (!is_null($ctrl) ? "fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' AND " : "") . - "t.`ste_id` = $ste " . - "GROUP BY f.`pdi_id`" . - "), 0)" . - " + " . - "IFNULL((SELECT COUNT(1) " . - "FROM `checklist` c " . - "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . - "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "LEFT JOIN `target` t ON t.`id` = f.`tgt_id` " . - "LEFT JOIN `finding_controls` fc ON fc.`finding_id` = f.`id` " . - "WHERE " . - "c.`name` = 'Orphan' AND " . - "(fs.`status` = '$status' " . - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") AND " . - (!is_null($cat) ? "f.`cat` = $cat AND " : "") . - (!is_null($ctrl) ? "fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' AND " : "") . - "t.`ste_id` = $ste " . - "GROUP BY f.`pdi_id`" . - "), 0) AS 'sum_count'"; - /* - $sql = "SELECT ". - "(SELECT COUNT(DISTINCT(f.`tgt_id`))". 
- "FROM `targets`.`target` t ". - "LEFT JOIN `targets`.`target_checklist` tc ON t.`id` = tc.`tgt_id` ". - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` ". - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` ". - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` ". - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : ""). - "WHERE t.`ste_id` = ".$this->conn->real_escape_string($ste->get_ID())." AND ". - "(fs.`status` = '".$this->conn->real_escape_string($status)."' ". - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : ""). - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : ""). - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : ""). - ") ". - (!is_null($ctrl) ? "AND fc.`ia_control` = '".$ctrl->get_Control_ID()."' " : ""). - ")". - - " + ". - - "(SELECT COUNT(DISTINCT(f.`tgt_id`))". - "FROM `sagacity`.`checklist` c ". - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` ". - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` ". - "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` ". - "JOIN `targets`.`target` t ON t.`id` = f.`tgt_id` ". - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : ""). - "WHERE t.`ste_id` = ".$this->conn->real_escape_string($ste->get_ID())." AND ". - "c.`name` = 'Orphan' AND ". - "(fs.`status` = '".$this->conn->real_escape_string($status)."' ". - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : ""). - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : ""). - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : ""). - ") ". - (!is_null($ctrl) ? "AND fc.`ia_control` = '".$ctrl->get_Control_ID()."' " : ""). - ") AS 'sum_count'"; - */ + "IFNULL((SELECT COUNT(1) " . + "FROM `target` t " . 
+ "LEFT JOIN `target_checklist` tc ON t.`id` = tc.`tgt_id` " . + "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . + "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . + "LEFT JOIN `findings_status` fs ON fs.`id` = f.`findings_status_id` " . + "LEFT JOIN `finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " . + "WHERE " . + "(fs.`status` = '$status' " . + ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . + ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . + ") AND " . + (! is_null($cat) ? "f.`cat` = $cat AND " : "") . + (! is_null($ctrl) ? "fc.`ia_control` = '{$ctrl->get_Control_ID()}' AND " : "") . + "t.`ste_id` = $ste " . + "GROUP BY f.`pdi_id`" . "), 0)" . + " + " . + "IFNULL((SELECT COUNT(1) " . + "FROM `checklist` c " . + "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . + "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `findings_status` fs ON f.`findings_status_id` = fs.`id` " . + "LEFT JOIN `target` t ON t.`id` = f.`tgt_id` " . + "LEFT JOIN `finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " . + "WHERE " . + "c.`name` = 'Orphan' AND " . + "(fs.`status` = '$status' " . + ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . + ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . ") AND " . + (! is_null($cat) ? "f.`cat` = $cat AND " : "") . + (! is_null($ctrl) ? "fc.`ia_control` = '{$ctrl->get_Control_ID()}' AND " : "") . + "t.`ste_id` = $ste " . + "GROUP BY f.`pdi_id`" . "), 0) AS 'sum_count'"; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['sum_count']; - } - else { + } else { return 0; } } 
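Review bot: Both subqueries here embed `$status` inside single quotes and `$ste` after the `ste_id =` comparison with no escaping or casting, and the commented-out variant this hunk deletes was the only version that called `real_escape_string($status)` and `$ste->get_ID()`. Escape the string once at the top, `$status = $this->conn->real_escape_string($status);`, and make the id an integer, `$ste = (int) $ste;`, if callers pass a numeric id (the parameter's type is not visible in this hunk). Separately, each `IFNULL((SELECT COUNT(1) ... GROUP BY ...), 0)` is used as a scalar, so it would fail once the grouping yields more than one row; that is worth confirming against real data.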
@@ -4621,19 +4772,26 @@ class db */ public function get_Finding_Notes($pdi_id, $tgt_id) { - $sql = "SELECT f.`notes` FROM `sagacity`.`findings` f " . - "WHERE f.`pdi_id` = " . $this->conn->real_escape_string($pdi_id) . - " AND f.`tgt_id` = " . $this->conn->real_escape_string($tgt_id); + $this->help->select("sagacity.findings", ['f.notes'], [ + [ + 'field' => 'f.pdi_id', + 'op' => '=', + 'value' => $pdi_id + ], + [ + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt_id, + 'sql_op' => 'AND' + ] + ]); - if ($res = $this->conn->query($sql)) { - if ($res->num_rows) { - $row = $res->fetch_assoc(); - return $row['notes']; - } - } - else { - error_log($this->conn->error); - Sagacity_Error::sql_handler($sql); + $rows = $this->help->execute(); + + if(is_array($rows) && count($rows) && isset($rows['notes'])) { + return $rows['notes']; + } elseif(is_array($rows) && count($rows) && isset($rows[0]) && isset($rows[0]['notes'])) { + return $rows[0]['notes']; } return null; @@ -4642,15 +4800,14 @@ class db /** * Function to determine how pervasive a finding is across all targets * - * @TODO - FINISH + * @todo - FINISH * * @param ste $ste * @param proc_ia_controls $ia_ctrl * @param string $status */ public function get_Finding_Pervasivity_by_Control($ste, $ia_ctrl, $status = null) - { - } + {} /** * Function to return all the possible finding statuses 
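Review bot: The rewritten lookup selects `f.notes` and filters on `f.pdi_id` and `f.tgt_id`, but the table argument is `"sagacity.findings"` with no `f` alias, unlike the orphan query earlier in this file that passes `"sagacity.findings f"`. Unless the helper adds an alias itself (not visible here), MySQL will reject the unknown `f` qualifier, and because the old `error_log` / `Sagacity_Error::sql_handler` branch was removed the method would just return null. Pass the alias, `$this->help->select("sagacity.findings f", ['f.notes'], [`, or drop the `f.` prefixes.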
@@ -4659,22 +4816,24 @@ class db */ public function get_Finding_Statuses() { - $sql = "SELECT `id`, `status` " . - "FROM `sagacity`.`findings_status`"; + $this->help->select("sagacity.findings_status", null); + $rows = $this->help->execute(); $ret = []; - if ($res = $this->conn->query($sql)) { - while ($row = $res->fetch_assoc()) { - $status = new finding_status(); - $status->id = $row['id']; - $status->status = $row['status']; + if(is_array($rows) && count($rows) && isset($rows[0])) { + foreach($rows as $row) { + $s = new finding_status(); + $s->id = $row['id']; + $s->status = $row['status']; - $ret[] = $status; + $ret[] = $s; } - } - else { - error_log($this->conn->error); - Sagacity_Error::sql_handler($sql); + } elseif(is_array($rows) && count($rows) && isset($rows['id'])) { + $s = new finding_status(); + $s->id = $rows['id']; + $s->status = $rows['status']; + + $ret[] = $s; } return $ret; 
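Review bot: The two branches build the same `finding_status` object, once per row and once for the single-row shape. Other methods in this class normalise the single-row result first (`$rows = [0 => $rows];` when the row key is set), which would leave one loop here: `if (is_array($rows) && isset($rows['id'])) { $rows = [0 => $rows]; }`. The rewrite also drops the `error_log($this->conn->error)` path, so a failed query is now indistinguishable from an empty status table unless `execute()` reports errors itself.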
@@ -4690,60 +4849,60 @@ class db */ public function get_Finding_Comparrison($left_tgt, $right_tgt) { - $ret = []; - $left_sql = "SELECT " . - "s.`stig_id`, pcl.`check_contents`, " . - "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . - "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . - "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . - "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . - "FROM `sagacity`.`finding_controls` fc " . - "WHERE fc.`finding_id` = f.`id`) AS 'finding_ia_controls', " . - "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . - "FROM `sagacity`.`ia_controls` ia " . - "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . - "FROM `sagacity`.`checklist` chk " . - "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . - "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . - "WHERE tgt.`id` = " . $left_tgt->get_ID() . " " . - "GROUP BY s.`stig_id`, tgt.`name` " . - "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; + $ret = []; + $left_sql = "SELECT " . + "s.`stig_id`, pcl.`check_contents`, " . + "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . + "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . + "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . + "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . + "FROM `sagacity`.`finding_controls` fc " . 
+ "WHERE fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id`) AS 'finding_ia_controls', " . + "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . + "FROM `sagacity`.`ia_controls` ia " . + "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . + "FROM `sagacity`.`checklist` chk " . + "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . + "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . + "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . + "WHERE tgt.`id` = {$left_tgt->get_ID()} " . + "GROUP BY s.`stig_id`, tgt.`name` " . + "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; $right_sql = "SELECT " . - "s.`stig_id`, pcl.`check_contents`, " . - "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . - "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . - "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . - "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . - "FROM `sagacity`.`finding_controls` fc " . - "WHERE fc.`finding_id` = f.`id`) AS 'finding_ia_controls', " . - "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . - "FROM `sagacity`.`ia_controls` ia " . - "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . - "FROM `sagacity`.`checklist` chk " . - "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . - "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . 
- "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . - "WHERE tgt.`id` = " . $right_tgt->get_ID() . " " . - "GROUP BY s.`stig_id`, tgt.`name` " . - "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; + "s.`stig_id`, pcl.`check_contents`, " . + "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . + "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . + "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . + "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . + "FROM `sagacity`.`finding_controls` fc " . + "WHERE fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id`) AS 'finding_ia_controls', " . + "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . + "FROM `sagacity`.`ia_controls` ia " . + "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . + "FROM `sagacity`.`checklist` chk " . + "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . + "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . + "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . + "WHERE tgt.`id` = {$right_tgt->get_ID()} " . + "GROUP BY s.`stig_id`, tgt.`name` " . 
+ "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; if ($res = $this->conn->query($left_sql)) { while ($row = $res->fetch_assoc()) { $ret['left'][$row['stig_id']] = array( - 'stig_id' => $row['stig_id'], - 'cat' => $row['cat'], - 'ia_controls' => (!empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), - 'status' => $row['finding_status'], - 'notes' => $row['notes'] + 'stig_id' => $row['stig_id'], + 'cat' => $row['cat'], + 'ia_controls' => (! empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), + 'status' => $row['finding_status'], + 'notes' => $row['notes'] ); } } @@ -4751,14 +4910,14 @@ class db if ($res = $this->conn->query($right_sql)) { while ($row = $res->fetch_assoc()) { $ret['right'][$row['stig_id']] = array( - 'stig_id' => $row['stig_id'], - 'cat' => $row['cat'], - 'ia_controls' => (!empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), - 'status' => $row['finding_status'], - 'notes' => $row['notes'] + 'stig_id' => $row['stig_id'], + 'cat' => $row['cat'], + 'ia_controls' => (! empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), + 'status' => $row['finding_status'], + 'notes' => $row['notes'] ); - if (!isset($ret['left'][$row['stig_id']])) { + if (! isset($ret['left'][$row['stig_id']])) { $ret['left'][$row['stig_id']] = null; } } @@ -4772,53 +4931,54 @@ class db * Add a finding * * @param scan $scan - * Scan that found this item + * Scan that found this item * @param array:target|target $tgts - * Array of targets or a single target that have this finding + * Array of targets or a single target that have this finding * @param array|finding $finding_data - * Array of data associated with the finding
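Review bot: Both comparison queries still place `$left_tgt->get_ID()` and `$right_tgt->get_ID()` directly into the SQL text; switching from concatenation to `{...}` interpolation leaves the value unvalidated, and nothing in this hunk shows that get_ID() always returns an integer. Casting at the point of use, `(int) $left_tgt->get_ID()` and `(int) $right_tgt->get_ID()`, or binding the id through the helper used elsewhere in this commit, removes the dependency on the target object's state. The two statements differ only in that id, so a private method that takes the id and returns the rows would also remove the duplicated query string. get_Finding_Comparrison continues past the end of this hunk.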
- * [0] => 'stig id'
- * [1] => 'vms id'
- * [2] => 'category level (I, II, III)'
- * [3] => 'ia controls (space delimited)'
- * [4] => 'short title'
- * [5...n] => 'target status'
- * [n+1] => 'notes'
- * [n+2] => 'check contents'
- * [n+3] => 'missing pdi' + * Array of data associated with the finding
+ * [0] => 'stig id'
+ * [1] => 'vms id'
+ * [2] => 'category level (I, II, III)'
+ * [3] => 'ia controls (space delimited)'
+ * [4] => 'short title'
+ * [5...n] => 'target status'
+ * [n+1] => 'notes'
+ * [n+2] => 'check contents'
+ * [n+3] => 'missing pdi' */ public function add_Finding($scan, $tgts, $finding_data) { global $cmd; set_time_limit(0); $host_count = 0; - $ref = null; + $ref = null; if (is_array($tgts)) { $host_count = count($tgts); - } - else { - $host_count++; + } else { + $host_count ++; } if (preg_match('/\d\.\d+/', $finding_data[0])) { $finding_data[0] = str_pad($finding_data[0], 5, "0"); } - $stig_id = $finding_data[0]; - $vms_id = preg_replace("/V0+/i", "V-", $finding_data[1]); - $cat_lvl = substr_count($finding_data[2], 'I'); + $stig_id = $finding_data[0]; + $vms_id = preg_replace("/V0+/i", "V-", $finding_data[1]); + $cat_lvl = substr_count($finding_data[2], 'I'); $ia_controls = $finding_data[3]; $short_title = $finding_data[4]; - $notes = $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $host_count]; + $notes = $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $host_count]; if (preg_match('/SV\-.*_rule/', $stig_id)) { $ref = $this->get_SV_Rule(null, $stig_id); - } - elseif (preg_match('/CVE\-\d{4}\-\d+/', $stig_id)) { - $ref = [0 => $this->get_CVE($stig_id)]; - } - elseif (preg_match('/\d{4}\-[ABT]\-\d+/', $stig_id)) { - $ref = [0 => $this->get_IAVM($stig_id)]; + } elseif (preg_match('/CVE\-\d{4}\-\d+/', $stig_id)) { + $ref = [ + 0 => $this->get_CVE($stig_id) + ]; + } elseif (preg_match('/\d{4}\-[ABT]\-\d+/', $stig_id)) { + $ref = [ + 0 => $this->get_IAVM($stig_id) + ]; } if (is_null($ref) && $stig_id != 'No Reference') { @@ -4831,14 +4991,13 @@ class db if (is_array($ref) && count($ref) && isset($ref[0])) { $ref = $ref[0]; - } - else { + } else { // add a new checklist entry - $pdi = new pdi(null, $cat_lvl, 'NOW', $short_title, $short_title); + $pdi = new pdi(null, $cat_lvl, 'NOW', $short_title, $short_title); $pdi_id = $this->save_PDI($pdi); $stig = new stig($pdi_id, $stig_id, $short_title); - $ref = $stig; + $ref = $stig; $this->add_Stig($stig); $golddisk = new golddisk($pdi_id, $vms_id, $short_title); 
@@ -4849,8 +5008,8 @@ class db if (is_array($tgts)) { $updated_finding = []; - $new_finding = []; - $x = 0; + $new_finding = []; + $x = 0; foreach ($tgts as $tgt) { switch (strtolower(str_replace('_', ' ', $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $x]))) { case 'not reviewed': 
@@ -4875,61 +5034,55 @@ class db if ($current_finding != null) { $current_status = $current_finding->get_Finding_Status_String(); - //$current_source = $current_finding->get(); + // $current_source = $current_finding->get(); if ($current_status != $status) { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->prepend_Notes($current_notes); } } - if (($current_status == 'Open' || $status == 'Open') && - ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || - $status == 'Not Applicable' || $status == 'Not a Finding')) { + if (($current_status == 'Open' || $status == 'Open') && ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || $status == 'Not Applicable' || $status == 'Not a Finding')) { $current_finding->set_Notes("OPEN CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_OPEN); - } - elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && - ($status == 'Not a Finding' || $status == 'Not Applicable')) { + } elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && ($status == 'Not a Finding' || $status == 'Not Applicable')) { $current_finding->set_Notes("NF/NA CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_NF); - } - else { + } else { $current_finding->set_Change_ID(finding::NC); } - $new_status = $current_finding->get_Deconflicted_Status($status); + $new_status = $current_finding->get_Deconflicted_Status($status); $new_status_id = $current_finding->get_Finding_Status_ID($new_status); $current_finding->set_Finding_Status($new_status_id); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + $current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); 
$current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $current_finding->set_Category($cat_lvl); $current_finding->set_IA_Controls($ia_controls); $updated_finding[] = $current_finding; - } - else { + } else { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->set_Notes($current_notes . PHP_EOL . $notes); } } $current_finding->set_Change_ID(finding::NC); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + $current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); $current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $current_finding->set_Category($cat_lvl); @@ -4937,9 +5090,8 @@ class db $updated_finding[] = $current_finding; } - } - else { - $new = new finding(null, $tgt->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); + } else { + $new = new finding($tgt->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); $new->set_Category($cat_lvl); $new->set_IA_Controls($ia_controls); 
@@ -4950,13 +5102,10 @@ class db $match = []; if (preg_match("/\(FP\-([a-zA-Z \-]+)\)/i", $notes, $match)) { $src = $match[1]; - //$src = str_replace("_", " ", $match[1]); - $sql = "REPLACE INTO `false_positives` (`pdi_id`, `src_id`, `notes`) VALUES (" . - $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . - "(SELECT `id` FROM `sources` WHERE `name` = '" . $this->conn->real_escape_string($src) . "'), " . - "'Common FP for $src')"; + // $src = str_replace("_", " ", $match[1]); + $sql = "REPLACE INTO `false_positives` (`pdi_id`, `src_id`, `notes`) VALUES (" . $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . "(SELECT `id` FROM `sources` WHERE `name` = '" . $this->conn->real_escape_string($src) . "'), " . "'Common FP for $src')"; - if (!$this->conn->real_query($sql)) { + if (! $this->conn->real_query($sql)) { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } @@ -4970,12 +5119,10 @@ class db if ($status == 'Exception') { $ste = $this->get_STE($tgt->get_STE_ID())[0]; - $sql = "REPLACE INTO `exceptions` (`pdi_id`, `sys_id`, `notes`) VALUES (" . - $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . - $this->conn->real_escape_string($ste->get_System()->get_ID()) . ", " . - "'')"; + $sql = "REPLACE INTO `exceptions` (`pdi_id`, `sys_id`, `notes`) VALUES (" . $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . $this->conn->real_escape_string($ste->get_System() + ->get_ID()) . ", " . "'')"; - if (!$this->conn->real_query($sql)) { + if (! $this->conn->real_query($sql)) { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } 
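Review bot: The `REPLACE INTO false_positives` statement here and the `REPLACE INTO exceptions` statement in the next hunk remain hand-built, and both pass `$this->conn->real_escape_string(...)` results into unquoted numeric positions, where escaping quote characters does not constrain the value to a number. The ids come from `$ref->get_PDI_ID()` and `$ste->get_System()->get_ID()`, which are presumably database-derived, but an `(int)` cast states the intent and holds even if that changes, e.g. `(int) $ref->get_PDI_ID()`. `$src` is also interpolated unescaped into `'Common FP for $src'`; that is safe only because the `[a-zA-Z \-]+` capture excludes quotes, which deserves a short comment beside the regex. Both statements sit inside add_Finding, which starts and ends outside these hunks.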
@@ -4985,84 +5132,106 @@ class db } } - $x++; + $x ++; } $notes = (isset($current_finding) && is_array($current_finding) && count($current_finding) ? $current_finding->get_Notes() . " " . $notes : $notes); if (isset($updated_finding) && is_array($updated_finding) && count($updated_finding) > 0) { + /** @var finding $finding */ foreach ($updated_finding as $finding) { - $update_sql = "UPDATE `findings` SET " . - "`scan_id` = " . $this->conn->real_escape_string($finding->get_Scan_ID()) . ", " . - "`findings_status_id` = " . $this->conn->real_escape_string($finding->get_Finding_Status()) . ", " . - "`notes` = '" . $this->conn->real_escape_string($finding->get_Notes()) . "', " . - "`change_id` = " . $this->conn->real_escape_string($finding->get_Change_ID()) . ", " . - "`orig_src` = '" . $this->conn->real_escape_string($finding->get_Original_Source()) . "', " . - "`finding_itr` = " . $this->conn->real_escape_string($finding->get_Finding_Iteration()) . ", " . - "`cat` = " . $this->conn->real_escape_string($finding->get_Category()) . - " WHERE `id` = " . $this->conn->real_escape_string($finding->get_ID()); + $this->help->update('findings', [ + 'scan_id' => $finding->get_Scan_ID(), + 'findings_status_id' => $finding->get_Finding_Status(), + 'notes' => $finding->get_Notes(), + 'change_id' => $finding->get_Change_ID(), + 'orig_src' => $finding->get_Original_Source(), + 'finding_itr' => $finding->get_Finding_Iteration(), + 'cat' => $finding->get_Category() + ], [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); - $this->conn->ping(); - - if (!$this->conn->real_query($update_sql)) { - Sagacity_Error::sql_handler($update_sql); - error_log($this->conn->error); + if (! $this->help->execute()) { + $this->help->debug(E_ERROR); return false; } - $this->conn->real_query("DELETE FROM `finding_controls` WHERE `finding_id` = " . 
$finding->get_ID()); + $this->help->delete("finding_controls", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); + $this->help->execute(); - $sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES "; + $params = []; foreach ($finding->get_IA_Controls() as $ia) { - $sql2 .= "({$this->conn->real_escape_string($finding->get_ID())}, " . - "'{$this->conn->real_escape_string($ia)}'),"; - } - $sql2 = substr($sql2, 0, -1); - if (strlen($sql2) > 74) { - $this->conn->real_query($sql2); + $params[] = [ + $finding->get_Tgt_ID(), + $finding->get_PDI_ID(), + $ia + ]; } + $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $params, true); + $this->help->execute(); } } if (isset($new_finding) && count($new_finding) > 0) { + $finding_params = []; + $finding_control_params = []; foreach ($new_finding as $finding) { - $insert_sql = "INSERT INTO `findings` (`tgt_id`, `pdi_id`, `scan_id`, `findings_status_id`, `cat`, `notes`) VALUES " . - "(" . $this->conn->real_escape_string($finding->get_Tgt_ID()) . ", " . - $this->conn->real_escape_string($finding->get_PDI_ID()) . ", " . - $this->conn->real_escape_string($finding->get_Scan_ID()) . ", " . - $this->conn->real_escape_string($finding->get_Finding_Status()) . ", " . - $this->conn->real_escape_string($finding->get_Category()) . ", " . - "'" . $this->conn->real_escape_string($finding->get_Notes()) . 
"')"; + /** @var finding $finding */ + $finding_params[] = [ + $finding->get_Tgt_ID(), + $finding->get_PDI_ID(), + $finding->get_Scan_ID(), + $finding->get_Finding_Status(), + $finding->get_Category(), + $finding->get_Notes() + ]; - $this->conn->ping(); - - if (strlen($insert_sql) > 103) { - if (!$this->conn->real_query($insert_sql)) { - Sagacity_Error::sql_handler($insert_sql); - error_log($this->conn->error); - return false; - } - } - - $find_id = $this->conn->insert_id; - - $sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES "; foreach ($finding->get_IA_Controls() as $ia) { - $sql2 .= "({$this->conn->real_escape_string($find_id)}, " . - "'{$this->conn->real_escape_string($ia)}'),"; + $finding_control_params[] = [ + $finding->get_Tgt_ID(), + $finding->get_PDI_ID(), + $ia + ]; } - $sql2 = substr($sql2, 0, -1); - if (strlen($sql2) > 74) { - $this->conn->real_query($sql2); + } + + if(is_array($finding_params) && count($finding_params)) { + $this->extended_insert('findings', ['tgt_id', 'pdi_id', 'scan_id', 'findings_status_id', 'cat', 'notes'], $finding_params, true); + + if($this->help->execute()) { + $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $finding_control_params, true); + $this->help->execute(); } } } return true; - } - else { + } else { $updated_finding = null; - $new_finding = null; + $new_finding = null; switch (strtolower(str_replace('_', ' ', $finding_data[self::FIRST_ECHECKLIST_HOST_COL]))) { case 'not reviewed': case 'not a finding': 
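Review bot: In the new-findings branch the bulk insert is issued as `$this->extended_insert('findings', ...)`, while every other call in this commit goes through `$this->help->extended_insert(...)`; unless class db has its own `extended_insert` (not visible here), this call fails. The same branch no longer returns false when the `findings` insert fails, which the removed code did, so a failed import is reported as success. The `finding_controls` inserts in this hunk and in the single-target branch further down are built from a parameter list that is empty when a finding has no IA controls; the removed code skipped that case, and `update_Finding` in this commit guards it with a count check. add_Finding starts and ends outside this hunk.

```php
if (is_array($finding_params) && count($finding_params)) {
    $this->help->extended_insert('findings', ['tgt_id', 'pdi_id', 'scan_id', 'findings_status_id', 'cat', 'notes'], $finding_params, true);

    if (! $this->help->execute()) {
        $this->help->debug(E_ERROR);
        return false;
    }

    // findings without IA controls leave this list empty
    if (count($finding_control_params)) {
        $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $finding_control_params, true);
        $this->help->execute();
    }
}
```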
@@ -5086,67 +5255,60 @@ class db if (is_array($current_finding) && count($current_finding)) { $current_status = $current_finding->get_Finding_Status_String(); - //$current_source = $current_finding->get(); + // $current_source = $current_finding->get(); if ($current_status != $status) { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->set_Notes($current_notes . PHP_EOL . $notes); } } - if (($current_status == 'Open' || $status == 'Open') && - ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || - $status == 'Not Applicable' || $status == 'Not a Finding')) { + if (($current_status == 'Open' || $status == 'Open') && ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || $status == 'Not Applicable' || $status == 'Not a Finding')) { $current_finding->set_Notes("OPEN CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_OPEN); - } - elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && - ($status == 'Not a Finding' || $status == 'Not Applicable')) { + } elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && ($status == 'Not a Finding' || $status == 'Not Applicable')) { $current_finding->set_Notes("NF/NA CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_NF); - } - else { + } else { $current_finding->set_Change_ID(finding::NC); } - $new_status = $current_finding->get_Deconflicted_Status($status); + $new_status = $current_finding->get_Deconflicted_Status($status); $new_status_id = $current_finding->get_Finding_Status_ID($new_status); $current_finding->set_Finding_Status($new_status_id); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + 
$current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); $current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $updated_finding = $current_finding; - } - else { + } else { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->set_Notes($current_notes . PHP_EOL . $notes); } } $current_finding->set_Change_ID(finding::NC); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + $current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); $current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $updated_finding = $current_finding; } - } - else { - $new_finding = new finding(null, $tgts->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); + } else { + $new_finding = new finding($tgts->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); $new_finding->set_Category($cat_lvl); $new_finding->set_IA_Controls($ia_controls); 
@@ -5154,71 +5316,86 @@ class db $notes = (isset($current_finding) && is_array($current_finding) && count($current_finding) ? $current_finding->get_Notes() . " " . $notes : $notes); - if (isset($updated_finding) && !is_null($updated_finding)) { - $update_sql = "UPDATE `findings` SET " . - "`scan_id` = " . $this->conn->real_escape_string($updated_finding->get_Scan_ID()) . ", " . - "`findings_status_id` = " . $this->conn->real_escape_string($updated_finding->get_Finding_Status()) . ", " . - "`notes` = '" . $this->conn->real_escape_string($updated_finding->get_Notes()) . "', " . - "`change_id` = " . $this->conn->real_escape_string($updated_finding->get_Change_ID()) . ", " . - "`orig_src` = '" . $this->conn->real_escape_string($updated_finding->get_Original_Source()) . "', " . - "`finding_itr` = " . $this->conn->real_escape_string($updated_finding->get_Finding_Iteration()) . ", " . - "`cat` = " . $this->conn->real_escape_string($updated_finding->get_Category()) . - " WHERE `id` = " . $this->conn->real_escape_string($updated_finding->get_ID()); + if (isset($updated_finding) && ! is_null($updated_finding)) { + $this->help->update("findings", [ + 'scan_id' => $updated_finding->get_Scan_ID(), + 'findings_status_id' => $updated_finding->get_Finding_status(), + 'notes' => $updated_finding->get_Notes(), + 'change_id' => $updated_finding->get_Change_ID(), + 'orig_src' => $updated_finding->get_Original_Source(), + 'finding_itr' => $updated_finding->get_Finding_Iteration(), + 'cat' => $updated_finding->get_Category() + ], [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $updated_finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $updated_finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); - $this->conn->ping(); - - if (!$this->conn->real_query($update_sql)) { - Sagacity_Error::sql_handler($update_sql); - error_log($this->conn->error); + if (! 
$this->help->execute()) { + $this->help->debug(E_ERROR); return false; } - $this->conn->real_query("DELETE FROM `sagacity`.`finding_controls` WHERE `finding_id` = " . $updated_finding->get_ID()); - - $sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES "; + $this->help->delete("finding_controls", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $updated_finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $updated_finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); + $this->help->execute(); + $params = []; foreach ($updated_finding->get_IA_Controls() as $ia) { - $sql2 .= "(" . - $this->conn->real_escape_string($updated_finding->get_ID()) . ", " . - "'" . $this->conn->real_escape_string($ia) . "'), "; + $params[] = [ + $updated_finding->get_Tgt_ID(), + $updated_finding->get_PDI_ID(), + $ia + ]; } - - $sql2 = substr($sql2, 0, -1); - - $this->conn->real_query($sql2); + $this->help->extended_insert("finding_controls", ['tgt_id', 'pdi_id', 'ia_control'], $params, true); + $this->help->execute(); } - if (isset($new_finding) && !is_null($new_finding)) { - $insert_sql = "INSERT INTO `sagacity`.`findings` (`tgt_id`, `pdi_id`, `scan_id`, `findings_status_id`, `notes`, `cat`) VALUES " . - "(" . $this->conn->real_escape_string($new_finding->get_Tgt_ID()) . ", " . - $this->conn->real_escape_string($new_finding->get_PDI_ID()) . ", " . - $this->conn->real_escape_string($new_finding->get_Scan_ID()) . ", " . - $this->conn->real_escape_string($new_finding->get_Finding_Status()) . ", " . - "'" . $this->conn->real_escape_string($new_finding->get_Notes()) . "', " . - $this->conn->real_escape_string($new_finding->get_Category()) . ")"; + if (isset($new_finding) && ! 
is_null($new_finding)) { + $this->help->insert("findings", [ + 'tgt_id' => $new_finding->get_Tgt_ID(), + 'pdi_id' => $new_finding->get_PDI_ID(), + 'scan_id' => $new_finding->get_Scan_ID(), + 'findings_status_id' => $new_finding->get_Finding_Status(), + 'notes' => $new_finding->get_Notes(), + 'cat' => $new_finding->get_Category() + ], true); - $this->conn->ping(); - - if (strlen($insert_sql) > 97) { - if (!$this->conn->real_query($insert_sql)) { - Sagacity_Error::sql_handler($insert_sql); - error_log($this->conn->error); - return false; - } + if(!$this->help->execute()) { + $this->help->debug(E_ERROR); + return false; } - $find_id = $this->conn->insert_id; - - $sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES "; + $params = []; foreach ($new_finding->get_IA_Controls() as $ia) { - $sql2 .= "(" . - $this->conn->real_escape_string($find_id) . ", " . - "'" . $this->conn->real_escape_string($ia) . "'), "; + $params[] = [ + $new_finding->get_Tgt_ID(), + $new_finding->get_PDI_ID(), + $ia + ]; } - - $sql2 = substr($sql2, 0, -1); - - $this->conn->real_query($sql2); + $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $params, true); + $this->help->execute(); } return true; 
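Review bot: The update array calls `$updated_finding->get_Finding_status()` with a lower-case `s`, while every other call in this commit spells it `get_Finding_Status()`. PHP resolves method names case-insensitively, so this runs, but the mismatch defeats text search and static analysis; use `'findings_status_id' => $updated_finding->get_Finding_Status(),`. This branch of add_Finding starts before the hunk.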
@@ -5229,22 +5406,29 @@ class db * Function to add findings to the database * * @param array:finding $updated_findings - * Array of findings to update + * Array of findings to update * @param array:finding $added_findings - * Array of findings to add to database + * Array of findings to add to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function add_Findings_By_Target($updated_findings, $added_findings) { - $fields = ['pdi_id', 'tgt_id', 'scan_id', 'findings_status_id', 'notes', 'cat']; + $fields = [ + 'pdi_id', + 'tgt_id', + 'scan_id', + 'findings_status_id', + 'notes', + 'cat' + ]; $ins_arr = []; if (is_array($added_findings) && count($added_findings) && is_a(current($added_findings), 'finding')) { $scan_id = current($added_findings)->get_Scan_ID(); foreach ($added_findings as $finding) { + /** @var finding $finding */ $ins_arr[] = [ $finding->get_PDI_ID(), $finding->get_Tgt_ID(), 
@@ -5258,41 +5442,40 @@ class db if (is_array($ins_arr) && count($ins_arr)) { $this->help->extended_insert('findings', $fields, $ins_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } - $this->help->sql = "INSERT IGNORE INTO `finding_controls` (`finding_id`, `ia_control`) " . - "(SELECT f.`id`, " . - "(SELECT CONCAT(ia.`type`, '-', ia.`type_id`) " . - "FROM `ia_controls` ia " . - "WHERE ia.`pdi_id` = f.`pdi_id`) " . - "FROM `findings` f " . - "WHERE f.`scan_id` = $scan_id)" - ; + $this->help->sql = "INSERT IGNORE INTO `finding_controls` (`tgt_id`, `pdi_id`, `ia_control`) " . + "(SELECT f.`tgt_id`, f.`pdi_id`, " . + "(SELECT CONCAT(ia.`type`, '-', ia.`type_id`) " . + "FROM `ia_controls` ia " . + "WHERE ia.`pdi_id` = f.`pdi_id`) " . + "FROM `findings` f " . + "WHERE f.`scan_id` = $scan_id)"; $this->help->query_type = db_helper::INSERT; - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } $this->help->delete("finding_controls", null, [ [ 'field' => 'ia_control', - 'op' => '=', + 'op' => '=', 'value' => '' ], [ - 'field' => 'ia_control', - 'op' => '=', - 'value' => '-', + 'field' => 'ia_control', + 'op' => '=', + 'value' => '-', 'sql_op' => 'OR' ], [ - 'field' => 'ia_control', - 'op' => IS, - 'value' => null, + 'field' => 'ia_control', + 'op' => IS, + 'value' => null, 'sql_op' => 'OR' ] ]); 
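Review bot: The statement assigned to `$this->help->sql` interpolates `$scan_id` straight into the SQL text, bypassing whatever value handling the helper applies to its array-based calls. The value is taken from `current($added_findings)->get_Scan_ID()` earlier in the function, outside this hunk; casting it where it is used, `(int) $scan_id`, keeps the raw statement safe regardless of what the finding object holds. The scalar subquery on `ia_controls` yields one value per finding, so if a PDI can carry several IA controls the statement may be rejected as returning more than one row; that is worth confirming against the schema, since a failure here is only reported at `E_WARNING`.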
@@ -5302,52 +5485,58 @@ class db if (is_array($updated_findings) && count($updated_findings) && is_a(current($updated_findings), 'finding')) { $this->help->create_table("tmp_findings", true, [ [ - 'field' => 'id', + 'field' => 'tgt_id', 'datatype' => 'int(11)' ], [ - 'field' => 'tgt_id', + 'field' => 'pdi_id', 'datatype' => 'int(11)' ], [ - 'field' => 'pdi_id', + 'field' => 'scan_id', 'datatype' => 'int(11)' ], [ - 'field' => 'scan_id', + 'field' => 'findings_status_id', 'datatype' => 'int(11)' ], [ - 'field' => 'findings_status_id', + 'field' => 'change_id', 'datatype' => 'int(11)' ], [ - 'field' => 'change_id', - 'datatype' => 'int(11)' - ], - [ - 'field' => 'finding_itr', + 'field' => 'finding_itr', 'datatype' => 'int(5)' ], [ - 'field' => 'cat', + 'field' => 'cat', 'datatype' => 'int(1)' ], [ - 'field' => 'notes', + 'field' => 'notes', 'datatype' => 'text' ], [ - 'field' => 'orig_src', + 'field' => 'orig_src', 'datatype' => 'varchar(10)' ] ]); $this->help->execute(); - $upd_arr = []; - $update_fields = ['id', 'tgt_id', 'pdi_id', 'scan_id', 'findings_status_id', 'change_id', 'finding_itr', 'cat', 'notes', 'orig_src']; + $upd_arr = []; + $update_fields = [ + 'tgt_id', + 'pdi_id', + 'scan_id', + 'findings_status_id', + 'change_id', + 'finding_itr', + 'cat', + 'notes', + 'orig_src' + ]; foreach ($updated_findings as $finding) { + /** @var finding $finding */ $upd_arr[] = [ - $finding->get_ID(), $finding->get_Tgt_ID(), $finding->get_PDI_ID(), $finding->get_Scan_ID(), @@ -5364,10 +5553,11 @@ class db $this->help->extended_insert("tmp_findings", $update_fields, $upd_arr, true); $this->help->execute(); - $this->help->extended_update('findings', 'tmp_findings', 'id', $update_fields); + $this->help->extended_update('findings', 'tmp_findings', '`tgt_id`,`pdi_id`', $update_fields); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); + return false; } } } 
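Review bot: The third argument of `extended_update()` changes from the single column name 'id' to a pre-quoted, comma-separated pair of columns, and the helper's handling of a composite key is not visible in this diff. If the helper builds a single equality join from that argument, the generated statement is likely invalid and the update of every finding in the batch fails; confirm that it splits the list, or pass the key columns in whatever multi-column form it supports. `$update_fields` also still lists `tgt_id` and `pdi_id`, so the key columns are rewritten with their own values on each matched row, which is harmless but could be dropped from the set list. add_Findings_By_Target starts and ends outside this hunk.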
@@ -5379,96 +5569,101 @@ class db * Function to update a finding status and notes * * @param finding $find - * The finding to update + * The finding to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function update_Finding($find) { - if ($find->get_ID()) { - $this->help->update("sagacity.findings", array( - 'findings_status_id' => $find->get_Finding_Status(), - 'notes' => $find->get_Notes(), - 'cat' => $find->get_Category() - ), array( - array( - 'field' => 'id', - 'op' => '=', - 'value' => $find->get_ID() - ) - )); - return $this->help->execute(); - } - else { - $this->help->insert("sagacity.findings", array( - 'tgt_id' => $find->get_Tgt_ID(), - 'pdi_id' => $find->get_PDI_ID(), - 'scan_id' => $find->get_Scan_ID(), - 'findings_status_id' => $find->get_Finding_Status(), - 'notes' => $find->get_Notes(), - 'cat' => $find->get_Category() - ), true); - if (!$find_id = $this->help->execute()) { - $this->help->debug(E_ERROR); - return false; - } + $this->help->replace("sagacity.findings", [ + 'tgt_id' => $find->get_Tgt_ID(), + 'pdi_id' => $find->get_PDI_ID(), + 'scan_id' => $find->get_Scan_ID(), + 'findings_status_id' => $find->get_Finding_Status(), + 'notes' => $find->get_Notes(), + 'cat' => $find->get_Category() + ]); + + if ($this->help->execute()) { + $this->help->delete("sagacity.finding_controls", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $find->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $find->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); $ia_arr = []; foreach ($find->get_IA_Controls() as $ia) { - $ia_arr[] = array( - $find_id, + $ia_arr[] = [ + $find->get_Tgt_ID(), + $find->get_PDI_ID(), $ia - ); + ]; } - $this->help->extended_insert("sagacity.finding_controls", array('finding_id', 'control_id'), $ia_arr, true); - if (!$this->help->execute()) { - $this->help->debug(E_ERROR); + if (is_array($ia_arr) && 
count($ia_arr) && isset($ia_arr[0])) { + $this->help->extended_insert("sagacity.finding_controls", [ + 'tgt_id', + 'pdi_id', + 'control_id' + ], $ia_arr, true); + if (! $this->help->execute()) { + $this->help->debug(E_ERROR); + return false; + } } - - return true; + } else { + $this->help->debug(E_ERROR); + return false; } + + return true; } /** * Get count of open category I findings for a target * * @param integer $checklist_id - * Checklist ID to query for quantity + * Checklist ID to query for quantity * @param target $tgt - * Target to query + * Target to query * - * @return integer - * Returns the number of findings that are Cat I and with a status of 'Open' for a specific host + * @return integer Returns the number of findings that are Cat I and with a status of 'Open' for a specific host */ public function get_Host_Open_Cat_1($checklist_id, $tgt) { $this->help->select_count("sagacity.pdi_catalog pdi", array( array( 'field' => 'lu.checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_id ), array( - 'field' => 'f.tgt_id', - 'op' => '=', - 'value' => $tgt->get_ID(), + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt->get_ID(), 'sql_op' => 'AND' ), array( - 'field' => 'fs.status', - 'op' => '=', - 'value' => 'Open', + 'field' => 'fs.status', + 'op' => '=', + 'value' => 'Open', 'sql_op' => 'AND' ), array( - 'field' => 'pdi.cat', - 'op' => '=', - 'value' => 1, + 'field' => 'pdi.cat', + 'op' => '=', + 'value' => 1, 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "JOIN sagacity.pdi_checklist_lookup lu ON lu.pdi_id=pdi.id", "JOIN sagacity.findings f ON f.pdi_id=pdi.id", 
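Review bot: The re-insert into `sagacity.finding_controls` in `update_Finding` names its third column `control_id`, while the bulk insert earlier in this commit writes `finding_controls` with the columns `tgt_id`, `pdi_id`, `ia_control`. The schema is not visible here, but the two field lists cannot both be right. Because the preceding `delete()` has already removed the finding's control rows, a failed insert leaves the finding with no controls, so the delete and insert should run in one transaction if the helper supports that. If `ia_control` is the real column, the field list becomes `'tgt_id', 'pdi_id', 'ia_control'`. Separately, `replace()` presumably issues a REPLACE, which would reset the columns not listed (`change_id`, `finding_itr`, `orig_src`) to their defaults; confirm that is intended.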
@@ -5484,34 +5679,33 @@ class db * Get count of not reviewed findings for a target * * @param integer $checklist_id - * Checklist ID to query for quantity + * Checklist ID to query for quantity * @param target $tgt - * Target to query + * Target to query * - * @return integer - * Returns the number of findings with a status of 'Not Reviewed' for a specific host + * @return integer Returns the number of findings with a status of 'Not Reviewed' for a specific host */ public function get_Host_Not_Reviewed($checklist_id, $tgt) { $this->help->select_count("sagacity.pdi_catalog pdi", array( array( 'field' => 'lu.checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_id ), array( - 'field' => 'f.tgt_id', - 'op' => '=', - 'value' => $tgt->get_ID(), + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt->get_ID(), 'sql_op' => 'AND' ), array( - 'field' => 'fs.status', - 'op' => '=', - 'value' => 'Not Reviewed', + 'field' => 'fs.status', + 'op' => '=', + 'value' => 'Not Reviewed', 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "JOIN sagacity.pdi_checklist_lookup lu ON lu.pdi_id=pdi.id", "JOIN sagacity.findings f ON f.pdi_id=pdi.id", @@ -5528,21 +5722,22 @@ class db /** * Get GoldDisk data * - * @param string $str_VMS_ID [optional] - * The VMS id of the golddisk object (default null) + * @param string $str_VMS_ID + * [optional] + * The VMS id of the golddisk object (default null) * * @return array:golddisk |NULL - * Returns an array of golddisk objects, or null if none found + * Returns an array of golddisk objects, or null if none found */ public function get_GoldDisk($str_VMS_ID = null) { - $ret = []; + $ret = []; $where = []; if ($str_VMS_ID != null) { $where[] = array( 'field' => 'vms_id', - 'op' => '=', + 'op' => '=', 'value' => $str_VMS_ID ); } 
@@ -5551,7 +5746,9 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -5567,10 +5764,10 @@ class db * Function for retrieving a VMS using the PDI * * @param integer $pdi_id - * The PDI ID of the golddisk to grab + * The PDI ID of the golddisk to grab * * @return array:golddisk |NULL - * Returns an array of golddisk, or null if none found + * Returns an array of golddisk, or null if none found */ public function get_GoldDisk_By_PDI($pdi_id) { @@ -5578,22 +5775,23 @@ class db $this->help->select("golddisk", null, [ [ 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $ret[] = new golddisk($row['pdi_id'], $row['vms_id'], $row['short_title']); } - } - else { + } else { $this->help->debug(E_ERROR); } @@ -5604,20 +5802,19 @@ class db * Function to add GoldDisk to database * * @param golddisk $new_GoldDisk - * The golddisk object to add to database + * The golddisk object to add to database * - * @return boolean - * Returns TRUE if successful, otherwise false + * @return boolean Returns TRUE if successful, otherwise false */ public function save_GoldDisk($new_GoldDisk) { $this->help->insert("sagacity.golddisk", array( - 'pdi_id' => $new_GoldDisk->get_PDI_ID(), - 'vms_id' => $new_GoldDisk->get_ID(), + 'pdi_id' => $new_GoldDisk->get_PDI_ID(), + 'vms_id' => $new_GoldDisk->get_ID(), 'short_title' => $new_GoldDisk->get_Short_Title() - ), true); + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -5630,19 +5827,13 @@ class db * Function to get IA control from DB * * @param ia_control $ia - * IA Control to retrieve from the database + * IA Control to retrieve from the database * - * @return ia_control|NULL - * Returns IA_Control object, or null if none found + * @return ia_control|NULL Returns IA_Control object, or null if none found */ public function get_IA_Controls($ia) { - $sql = "SELECT `pdi_id`, `type`, `type_id` " . - "FROM `sagacity`.`ia_controls` " . - "WHERE " . - "`pdi_id` = " . $this->conn->real_escape_string($ia->get_PDI_ID()) . " AND " . - "`type` = '" . $this->conn->real_escape_string($ia->get_Type()) . "' AND " . - "`type_id` = " . $this->conn->real_escape_string($ia->get_Type_ID()); + $sql = "SELECT `pdi_id`, `type`, `type_id` " . "FROM `sagacity`.`ia_controls` " . "WHERE " . "`pdi_id` = " . $this->conn->real_escape_string($ia->get_PDI_ID()) . " AND " . "`type` = '" . $this->conn->real_escape_string($ia->get_Type()) . "' AND " . "`type_id` = " . $this->conn->real_escape_string($ia->get_Type_ID()); $res = $this->conn->query($sql); @@ -5667,23 +5858,17 @@ class db $class = 'cl'; if ($sys->get_Classification() == 'Public') { $class = 'pub'; - } - elseif ($sys->get_Classification() == 'Sensitive') { + } elseif ($sys->get_Classification() == 'Sensitive') { $class = 'sen'; } $ret = []; - $sql = "SELECT `proc_control` " . - "FROM `sagacity`.`proc_level_type` " . - "WHERE " . - "`level` = " . $sys->get_MAC() . " AND " . - "`class` = '$class'"; + $sql = "SELECT `proc_control` " . "FROM `sagacity`.`proc_level_type` " . "WHERE " . "`level` = " . $sys->get_MAC() . " AND " . "`class` = '$class'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { $ret[] = new ia_control(null, explode('-', $row['proc_control'])[0], explode('-', $row['proc_control'])[1]); } - } - else { + } else { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } 
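Review bot: In `get_IA_Controls`, `real_escape_string()` is applied to `pdi_id` and `type_id`, but both values go into the statement without surrounding quotes, where escaping gives no protection because a numeric context has no quote to terminate. The same pattern appears in `get_IA_Controls_By_PDI` further down, and the `proc_level_type` query in the following hunk concatenates `$sys->get_MAC()` with neither escaping nor a cast. Cast numeric values where they are used, e.g. `(int) $ia->get_PDI_ID()` and `(int) $sys->get_MAC()`, or move these queries to prepared statements with bound parameters. The function bodies continue outside these hunks.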
@@ -5695,17 +5880,14 @@ class db * Function for retrieving IA Controls by PDI * * @param integer $pdi_id - * PDI ID used to query + * PDI ID used to query * * @return array:ia_control |NULL - * Returns array of ia_controls associated with a specific PDI, or null if none found + * Returns array of ia_controls associated with a specific PDI, or null if none found */ public function get_IA_Controls_By_PDI($pdi_id) { - $sql = "SELECT " . - "`pdi_id`, `type`, `type_id` " . - "FROM `sagacity`.`ia_controls` " . - "WHERE `pdi_id` = " . $this->conn->real_escape_string($pdi_id); + $sql = "SELECT " . "`pdi_id`, `type`, `type_id` " . "FROM `sagacity`.`ia_controls` " . "WHERE `pdi_id` = " . $this->conn->real_escape_string($pdi_id); if ($res = $this->conn->query($sql)) { $ret = []; @@ -5715,8 +5897,7 @@ class db } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -5734,7 +5915,7 @@ class db */ public function get_IA_Control_Icon($ste, $ctrl) { - $cats = $this->get_STE_Cat_List($ste->get_ID()); + $cats = $this->get_STE_Cat_List($ste->get_ID()); $total = 0; foreach ($cats as $cat) { @@ -5751,8 +5932,7 @@ class db } if (empty($ctrl->finding->vul_desc)) { return "exclamation.png"; - } - elseif (empty($ctrl->finding->mitigations)) { + } elseif (empty($ctrl->finding->mitigations)) { return "exclamation.png"; } @@ -5763,10 +5943,9 @@ class db * Update an IA control * * @param ia_control|array:ia_control $ia_Controls - * Array of IA Controls to update + * Array of IA Controls to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_IA_Control($ia_Controls) { 
@@ -5780,21 +5959,23 @@ class db $ia->get_Type_ID() ); } - } - elseif (is_a($ia_Controls, 'ia_control')) { + } elseif (is_a($ia_Controls, 'ia_control')) { $params[] = array( $ia_Controls->get_PDI_ID(), $ia_Controls->get_Type(), $ia_Controls->get_Type_ID() ); - } - else { + } else { return false; } - $this->help->extended_replace("sagacity.ia_controls", array('pdi_id', 'type', 'type_id'), $params); + $this->help->extended_replace("sagacity.ia_controls", array( + 'pdi_id', + 'type', + 'type_id' + ), $params); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -5808,33 +5989,26 @@ class db * Function for retrieving an IAVM * * @param integer|string $iavm_ID - * The IAVM ID to look for + * The IAVM ID to look for * - * @return iavm|NULL - * Returns IAVM object, otherwise null if none found + * @return iavm|NULL Returns IAVM object, otherwise null if none found */ public function get_IAVM($iavm_ID) { - $sql = "SELECT " . - "iavm.`noticeId`, iavm.`pdi_id`, iavm.`xmlUrl`, iavm.`htmlUrl`, iavm.`iavmNoticeNumber`, iavm.`title`, " . - "iavm.`type`, iavm.`state`, iavm.`lastUpdated`, iavm.`releaseDate`, iavm.`supersedes`, " . - "iavm.`executiveSummary`, iavm.`fixAction`, iavm.`note`, iavm.`vulnAppsSysAndCntrmsrs`, " . - "iavm.`stigFindingSeverity`, iavm.`knownExploits`, iavm.`file_name` " . - "FROM `sagacity`.`iavm_notices` iavm"; + $sql = "SELECT " . "iavm.`noticeId`, iavm.`pdi_id`, iavm.`xmlUrl`, iavm.`htmlUrl`, iavm.`iavmNoticeNumber`, iavm.`title`, " . "iavm.`type`, iavm.`state`, iavm.`lastUpdated`, iavm.`releaseDate`, iavm.`supersedes`, " . "iavm.`executiveSummary`, iavm.`fixAction`, iavm.`note`, iavm.`vulnAppsSysAndCntrmsrs`, " . "iavm.`stigFindingSeverity`, iavm.`knownExploits`, iavm.`file_name` " . "FROM `sagacity`.`iavm_notices` iavm"; if (is_numeric($iavm_ID)) { $sql .= " WHERE iavm.`noticeId` = " . $this->conn->real_escape_string($iavm_ID); - } - else { + } else { $sql .= " WHERE iavm.`iavmNoticeNumber` = '" . $this->conn->real_escape_string($iavm_ID) . "'"; } if ($res = $this->conn->query($sql)) { - if (!$res->num_rows) { + if (! 
$res->num_rows) { return null; } $notice_row = $res->fetch_assoc(); - $noticeId = $notice_row['noticeId']; + $noticeId = $notice_row['noticeId']; $iavm = new iavm($notice_row['noticeId'], $notice_row['pdi_id'], $notice_row['xmlUrl'], $notice_row['htmlUrl'], $notice_row['iavmNoticeNumber'], $notice_row['title'], $notice_row['type'], $notice_row['state'], $notice_row['lastUpdated'], $notice_row['releaseDate'], $notice_row['supersedes'], $notice_row['executiveSummary'], $notice_row['fixAction'], $notice_row['note'], $notice_row['vulnAppsSysAndCntrmsrs'], $notice_row['stigFindingSeverity'], $notice_row['knownExploits']); @@ -5848,8 +6022,7 @@ class db } } - $sql = "SELECT `id`, `title`, `url` FROM `sagacity`.`iavm_references` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `id`, `title`, `url` FROM `sagacity`.`iavm_references` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { 
@@ -5857,29 +6030,25 @@ class db $iavm->add_Reference(new iavm_reference($ref_row['id'], $ref_row['title'], $ref_row['url'])); } } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `id`, `details` FROM `sagacity`.`iavm_tech_overview` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `id`, `details` FROM `sagacity`.`iavm_tech_overview` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { $to_row = $res2->fetch_assoc(); - $to = new iavm_tech_overview($to_row['id'], $to_row['details']); + $to = new iavm_tech_overview($to_row['id'], $to_row['details']); $iavm->set_Tech_Overview($to); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `id`, `type`, `title`, `url` FROM sagacity.iavm_patches " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `id`, `type`, `title`, `url` FROM sagacity.iavm_patches " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { @@ -5887,14 +6056,12 @@ class db $iavm->add_Patch(new iavm_patch($patch_row['id'], $patch_row['type'], $patch_row['title'], $patch_row['url'])); } } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `header`, `body` FROM `sagacity`.`iavm_mitigations` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `header`, `body` FROM `sagacity`.`iavm_mitigations` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { 
@@ -5902,14 +6069,12 @@ class db $iavm->set_Mitigation(new iavm_mitigation($mit_row['header'], $mit_row['body'])); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `bid` FROM `sagacity`.`iavm_bids` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `bid` FROM `sagacity`.`iavm_bids` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { @@ -5920,8 +6085,7 @@ class db } return $iavm; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
@@ -5933,44 +6097,33 @@ class db * Get IAVM from external data (reference or patch) * * @param string $ext - * The external data to search for + * The external data to search for * - * @return iavm|NULL - * Returns an iavm object if any are found, otherwise NULL + * @return iavm|NULL Returns an iavm object if any are found, otherwise NULL */ public function get_IAVM_From_External($ext) { - $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_references` " . - "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . - "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . - "GROUP BY `iavm_notice_id` " . - "ORDER BY `iavm_notice_id` DESC"; + $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_references` " . "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . "GROUP BY `iavm_notice_id` " . "ORDER BY `iavm_notice_id` DESC"; if ($res = $this->conn->query($sql)) { if ($res->num_rows) { - $row = $res->fetch_assoc(); + $row = $res->fetch_assoc(); $iavm = $this->get_IAVM($row['iavm_notice_id']); return $iavm; } - } - else { + } else { Sagacity_Error::sql_handler($sql); } - $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_patches` " . - "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . - "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . - "GROUP BY `iavm_notice_id` " . - "ORDER BY `iavm_notice_id` DESC"; + $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_patches` " . "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . "GROUP BY `iavm_notice_id` " . 
"ORDER BY `iavm_notice_id` DESC"; if ($res = $this->conn->query($sql)) { if ($res->num_rows) { - $row = $res->fetch_assoc(); + $row = $res->fetch_assoc(); $iavm = $this->get_IAVM($row['iavm_notice_id']); return $iavm; } - } - else { + } else { Sagacity_Error::sql_handler($sql); } @@ -5979,6 +6132,7 @@ class db /** * Method to save IAVM BIDs + * * @param iavm $iavm */ public function save_Iavm_Bids($iavm) @@ -5986,12 +6140,18 @@ class db $params = []; if (is_array($iavm->get_Bids()) && count($iavm->get_Bids())) { foreach ($iavm->get_Bids() as $bid) { - $params[] = [$iavm->get_Notice_ID(), $bid]; + $params[] = [ + $iavm->get_Notice_ID(), + $bid + ]; } } if (count($params)) { - $this->help->extended_replace('iavm_bids', ['iavm_notice_id', 'bid'], $params); + $this->help->extended_replace('iavm_bids', [ + 'iavm_notice_id', + 'bid' + ], $params); $this->help->execute(); } } @@ -6006,8 +6166,10 @@ class db if ($iavm->get_Mitigation()) { $this->help->replace("iavm_mitiagations", [ 'iavm_notice_id' => $iavm->get_Notice_ID(), - 'header' => $iavm->get_Mitigation()->get_Header(), - 'body' => $iavm->get_Mitigation()->get_Text() + 'header' => $iavm->get_Mitigation() + ->get_Header(), + 'body' => $iavm->get_Mitigation() + ->get_Text() ]); $this->help->execute(); @@ -6024,12 +6186,22 @@ class db $params = []; if (is_array($iavm->get_Patches()) && count($iavm->get_Patches())) { foreach ($iavm->get_Patches() as $patch) { - $params[] = [$iavm->get_Notice_ID(), $patch->get_Type(), $patch->get_Title(), $patch->get_URL()]; + $params[] = [ + $iavm->get_Notice_ID(), + $patch->get_Type(), + $patch->get_Title(), + $patch->get_URL() + ]; } } if (count($params)) { - $this->help->extended_replace("iavm_patches", ['iavm_notice_id', 'type', 'title', 'url'], $params); + $this->help->extended_replace("iavm_patches", [ + 'iavm_notice_id', + 'type', + 'title', + 'url' + ], $params); $this->help->execute(); } 
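Review bot: The `replace()` call in the mitigation save writes to a table named `iavm_mitiagations`, whereas `get_IAVM` reads from `iavm_mitigations`. Unless the schema really has both spellings, saved mitigations never reach the table that is read back. The `execute()` result is not checked here, so that failure would be silent. Suggested change: `$this->help->replace("iavm_mitigations", [`, plus a call to `$this->help->debug(E_ERROR)` when `execute()` returns false, as `save_IA_Control` does. The function starts outside the hunk.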
@@ -6045,12 +6217,20 @@ class db $params = []; if (is_array($iavm->get_References()) && count($iavm->get_References())) { foreach ($iavm->get_References() as $ref) { - $params[] = [$iavm->get_Notice_ID(), $ref->get_Title(), $ref->get_URL()]; + $params[] = [ + $iavm->get_Notice_ID(), + $ref->get_Title(), + $ref->get_URL() + ]; } } if (count($params)) { - $this->help->extended_replace("iavm_references", ['iavm_notice_id', 'title', 'url'], $params); + $this->help->extended_replace("iavm_references", [ + 'iavm_notice_id', + 'title', + 'url' + ], $params); $this->help->execute(); } @@ -6066,7 +6246,8 @@ class db if ($iavm->get_Tech_Overview()) { $this->help->replace("iavm_tech_overview", [ 'iavm_notice_id' => $iavm->get_Notice_ID(), - 'details' => $iavm->get_Tech_Overview()->get_Details() + 'details' => $iavm->get_Tech_Overview() + ->get_Details() ]); $this->help->execute(); @@ -6083,12 +6264,18 @@ class db $params = []; if (is_array($iavm->get_CVE()) && count($iavm->get_CVE())) { foreach ($iavm->get_CVE() as $cve) { - $params[] = [$iavm->get_Notice_ID(), $cve]; + $params[] = [ + $iavm->get_Notice_ID(), + $cve + ]; } } if (count($params)) { - $this->help->extended_replace("iavm_to_cve", ['noticeId', 'cve_id'], $params); + $this->help->extended_replace("iavm_to_cve", [ + 'noticeId', + 'cve_id' + ], $params); $this->help->execute(); } } @@ -6097,10 +6284,9 @@ class db * Function to save IAVMs * * @param iavm $iavm_in - * The IAVM to save + * The IAVM to save * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_IAVM($iavm_in) { 
@@ -6109,40 +6295,39 @@ class db if (is_null($db_iavm)) { $this->help->insert('iavm_notices', [ - 'noticeId' => $iavm_in->get_Notice_ID(), - 'pdi_id' => $iavm_in->get_PDI_ID(), - 'xmlUrl' => $iavm_in->get_XML_URL(), - 'htmlUrl' => $iavm_in->get_HTML_URL(), - 'iavmNoticeNumber' => $iavm_in->get_Notice_Number(), - 'title' => $iavm_in->get_Title(), - 'type' => $iavm_in->get_Type(), - 'state' => $iavm_in->get_State(), - 'lastUpdate' => $iavm_in->get_Last_Updated_Date(), - 'releaseDate' => $iavm_in->get_Release_Date_Date(), - 'supersedes' => $iavm_in->get_Supersedes(), - 'executiveSummary' => $iavm_in->get_Executive_Summary(), - 'fixAction' => $iavm_in->get_Fix_Action(), - 'note' => $iavm_in->get_Notes(), + 'noticeId' => $iavm_in->get_Notice_ID(), + 'pdi_id' => $iavm_in->get_PDI_ID(), + 'xmlUrl' => $iavm_in->get_XML_URL(), + 'htmlUrl' => $iavm_in->get_HTML_URL(), + 'iavmNoticeNumber' => $iavm_in->get_Notice_Number(), + 'title' => $iavm_in->get_Title(), + 'type' => $iavm_in->get_Type(), + 'state' => $iavm_in->get_State(), + 'lastUpdate' => $iavm_in->get_Last_Updated_Date(), + 'releaseDate' => $iavm_in->get_Release_Date_Date(), + 'supersedes' => $iavm_in->get_Supersedes(), + 'executiveSummary' => $iavm_in->get_Executive_Summary(), + 'fixAction' => $iavm_in->get_Fix_Action(), + 'note' => $iavm_in->get_Notes(), 'vulnAppsSysAndCntrmsrs' => $iavm_in->get_Vuln_Apps(), - 'stigFindingSeverity' => $iavm_in->get_Stig_Severity(), - 'knownExploits' => $iavm_in->get_Known_Exploits() + 'stigFindingSeverity' => $iavm_in->get_Stig_Severity(), + 'knownExploits' => $iavm_in->get_Known_Exploits() ]); - } - else { + } else { $this->help->update("iavm_notices", [ - 'type' => $iavm_in->get_Type(), - 'state' => $iavm_in->get_State(), - 'lastUpdated' => $iavm_in->get_Last_Updated_Date(), - 'supersedes' => $iavm_in->get_Supersedes(), - 'executiveSummary' => $iavm_in->get_Executive_Summary(), - 'fixAction' => $iavm_in->get_Fix_Action(), - 'knownExploits' => $iavm_in->get_Known_Exploits(), - 
'note' => $iavm_in->get_Notes(), + 'type' => $iavm_in->get_Type(), + 'state' => $iavm_in->get_State(), + 'lastUpdated' => $iavm_in->get_Last_Updated_Date(), + 'supersedes' => $iavm_in->get_Supersedes(), + 'executiveSummary' => $iavm_in->get_Executive_Summary(), + 'fixAction' => $iavm_in->get_Fix_Action(), + 'knownExploits' => $iavm_in->get_Known_Exploits(), + 'note' => $iavm_in->get_Notes(), 'vulnAppsSysAndCntrmsrs' => $iavm_in->get_Vuln_Apps() - ], [ + ], [ [ 'field' => 'noticeId', - 'op' => '=', + 'op' => '=', 'value' => $iavm_in->get_Notice_ID() ] ]); @@ -6164,41 +6349,42 @@ class db * Get all interfaces for a target * * @param integer $tgtID - * Target ID to get interface information for + * Target ID to get interface information for * - * @return array:interfaces|NULL - * Returns array of interfaces (with ports), or NULL if none found + * @return array:interfaces|NULL Returns array of interfaces (with ports), or NULL if none found */ public function get_Interfaces($tgtID) { $ret = []; - if (!$tgtID) { + if (! $tgtID) { return []; } $this->help->select("sagacity.interfaces", null, [ [ 'field' => 'tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgtID ], [ - 'field' => 'ipv4', - 'op' => '!=', - 'value' => '', + 'field' => 'ipv4', + 'op' => '!=', + 'value' => '', 'sql_op' => 'AND' ], [ - 'field' => 'ipv4', - 'op' => IS_NOT, - 'value' => null, + 'field' => 'ipv4', + 'op' => IS_NOT, + 'value' => null, 'sql_op' => 'AND' ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
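Review bot: The insert branch of `save_IAVM` writes the key `'lastUpdate'`, while the update branch in the same hunk and the SELECT in `get_IAVM` both use `lastUpdated`. If the column is `lastUpdated`, a new notice either fails to insert or is stored without its update date, depending on how the helper handles unknown fields; the helper is not visible here. Suggested line: `'lastUpdated' => $iavm_in->get_Last_Updated_Date(),`. The function starts and ends outside the hunk, so whether the `execute()` result is checked afterwards cannot be seen from here.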
@@ -6209,14 +6395,16 @@ class db $this->help->select("sagacity.get_ports", null, [ [ 'field' => 'int_id', - 'op' => '=', + 'op' => '=', 'value' => $row['id'] ] ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['id'])) { - $rows2 = [0 => $rows2]; + $rows2 = [ + 0 => $rows2 + ]; } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { @@ -6224,8 +6412,7 @@ class db if ($p['proto'] == 'tcp') { $port = new tcp_ports($p['id'], $p['port'], $p['name'], $p['banner'], $p['notes']); $int->add_TCP_Ports($port); - } - else { + } else { $port = new udp_ports($p['id'], $p['port'], $p['name'], $p['banner'], $p['notes']); $int->add_UDP_Ports($port); } @@ -6234,8 +6421,7 @@ class db if ($row['ipv6']) { $ret[$row['ipv6']] = $int; - } - else { + } else { $ret[$row['ipv4']] = $int; } } @@ -6257,21 +6443,21 @@ class db $this->help->select("sagacity.interfaces", null, array( array( 'field' => 'tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt_id ), array( - 'field' => 'ipv4', - 'op' => '=', - 'value' => $ip, - 'sql_op' => 'AND', + 'field' => 'ipv4', + 'op' => '=', + 'value' => $ip, + 'sql_op' => 'AND', 'open-paren' => true ), array( - 'field' => 'ipv6', - 'op' => '=', - 'value' => $ip, - 'sql_op' => 'OR', + 'field' => 'ipv6', + 'op' => '=', + 'value' => $ip, + 'sql_op' => 'OR', 'close-paren' => true ) )); 
@@ -6282,23 +6468,26 @@ class db } $int = new interfaces($row['id'], $row['tgt_id'], $row['name'], $row['ipv4'], $row['ipv6'], $row['hostname'], $row['fqdn'], $row['description']); - $this->help->select("sagacity.ports_proto_services pps", array('pps.id', 'pps.port', 'pps.proto', + $this->help->select("sagacity.ports_proto_services pps", array( + 'pps.id', + 'pps.port', + 'pps.proto', "IF(ppsl.name != pps.IANA_Name, ppsl.name, pps.IANA_Name) AS 'name'", "IF(ppsl.banner != pps.banner, ppsl.banner, pps.banner) AS 'banner'", "IF(ppsl.notes != pps.notes, ppsl.notes, pps.notes) AS 'notes'" - ), array( + ), array( array( 'field' => 'ppsl.int_id', - 'op' => '=', + 'op' => '=', 'value' => $row['id'] ), array( - 'field' => 'pps.id', - 'op' => IN, - 'value' => "(SELECT pps_id FROM sagacity.pps_list WHERE int_id={$row['id']})", + 'field' => 'pps.id', + 'op' => IN, + 'value' => "(SELECT pps_id FROM sagacity.pps_list WHERE int_id={$row['id']})", 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.pps_list ppsl ON ppsl.pps_id=pps.id" ) @@ -6306,14 +6495,16 @@ class db $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['id'])) { - $rows2 = array(0 => $rows2); + $rows2 = array( + 0 => $rows2 + ); } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { foreach ($rows2 as $port) { - $class = "{$port['proto']}_ports"; + $class = "{$port['proto']}_ports"; $method = "add_" . strtoupper($port['proto']) . "_Ports"; - $port = new $class($port['id'], $port['port'], $port['name'], $port['banner'], $port['notes']); + $port = new $class($port['id'], $port['port'], $port['name'], $port['banner'], $port['notes']); $int->$method($port); } } 
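Review bot: `$class` and `$method` are built from the `proto` column (`"{$port['proto']}_ports"` and `"add_" . strtoupper($port['proto']) . "_Ports"`) and then used in `new $class(...)` and `$int->$method($port)`. Any stored value other than `tcp` or `udp` therefore picks whatever class name that string forms, or ends in a fatal error. `get_Interfaces` handles the same data with an explicit tcp/udp branch; doing the same here, or guarding with `if (!in_array($port['proto'], ['tcp', 'udp'], true)) { continue; }`, keeps instantiation on an allow-list. The `IN` subquery in the preceding hunk also interpolates `{$row['id']}` into SQL text; it comes from the previous query's result, but an `(int)` cast would make that explicit.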
@@ -6324,12 +6515,13 @@ class db /** * Return the last ID of the last interface in the database * - * @return integer - * Returns the ID of the last interface that was inserted + * @return integer Returns the ID of the last interface that was inserted */ public function get_Last_Interface_ID() { - $this->help->select("sagacity.interfaces", array('id'), [], array( + $this->help->select("sagacity.interfaces", array( + 'id' + ), [], array( 'order' => 'id DESC', 'limit' => 1 )); 
@@ -6345,36 +6537,37 @@ class db * Save an interface * * @param array|interfaces $req - * Associative array of data to insert into database - * @param string $action [optional] - * String representing the action to be taken ('insert','update', defaulted to 'insert') - * @param integer $tgt_id [optional] - * Integer that the interface info is going to be save to (defaulted to 0) + * Associative array of data to insert into database + * @param string $action + * [optional] + * String representing the action to be taken ('insert','update', defaulted to 'insert') + * @param integer $tgt_id + * [optional] + * Integer that the interface info is going to be save to (defaulted to 0) * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Interface($req, $action = 'insert') { if ($action == 'insert') { if (is_array($req)) { $first = array_shift($req); - if (!is_a($first, 'interfaces')) { + if (! is_a($first, 'interfaces')) { return false; } $req[$first->get_IPv4()] = $first; foreach ($req as $int) { $this->help->insert("sagacity.interfaces", array( - 'tgt_id' => $int->get_TGT_ID(), - 'ipv4' => $int->get_IPv4(), - 'ipv6' => $int->get_IPv6(), - 'hostname' => $int->get_Hostname(), - 'fqdn' => $int->get_FQDN(), + 'tgt_id' => $int->get_TGT_ID(), + 'ipv4' => $int->get_IPv4(), + 'ipv6' => $int->get_IPv6(), + 'hostname' => $int->get_Hostname(), + 'fqdn' => $int->get_FQDN(), 'description' => $int->get_Description(), - 'mac' => $int->get_MAC() - ), true); + 'mac' => $int->get_MAC() + ), true); - if (!($int_id = $this->help->execute())) { + if (! ($int_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -6405,25 +6598,29 @@ class db } if (count($ports)) { - $this->help->extended_insert("pps_list", array('int_id', 'pps_id', 'banner', 'notes'), $ports, true); - if (!$this->help->execute()) { + $this->help->extended_insert("pps_list", array( + 'int_id', + 'pps_id', + 'banner', + 'notes' + ), $ports, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } } - } - elseif (is_a($req, 'interfaces')) { + } elseif (is_a($req, 'interfaces')) { $this->help->insert("interfaces", array( - 'tgt_id' => $req->get_TGT_ID(), - 'ipv4' => $req->get_IPv4(), - 'ipv6' => $req->get_IPv6(), - 'hostname' => $req->get_Hostname(), - 'fqdn' => $req->get_FQDN(), + 'tgt_id' => $req->get_TGT_ID(), + 'ipv4' => $req->get_IPv4(), + 'ipv6' => $req->get_IPv6(), + 'hostname' => $req->get_Hostname(), + 'fqdn' => $req->get_FQDN(), 'description' => $req->get_Description(), - 'mac' => $req->get_MAC() - ), true); + 'mac' => $req->get_MAC() + ), true); - if (!($int_id = $this->help->execute())) { + if (! ($int_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -6454,55 +6651,57 @@ class db } if (count($ports)) { - $this->help->extended_insert("sagacity.pps_list", array('int_id', 'pps_id', 'banner', 'notes'), $ports, true); - if (!$this->help->execute()) { + $this->help->extended_insert("sagacity.pps_list", array( + 'int_id', + 'pps_id', + 'banner', + 'notes' + ), $ports, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } - } - else { + } else { $this->help->insert("interfaces", array( - 'tgt_id' => $req['tgt_id'], - 'ipv4' => $req['ipv4'], + 'tgt_id' => $req['tgt_id'], + 'ipv4' => $req['ipv4'], 'hostname' => (isset($req['hostname']) ? $req['hostname'] : $req['ipv4']), - 'fadn' => (isset($req['fqdn']) ? $req['fqdn'] : $req['fqdn']) - ), true); + 'fadn' => (isset($req['fqdn']) ? $req['fqdn'] : $req['fqdn']) + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } } - } - else { + } else { if (isset($req['ip']) && $req['ip'] != null) { foreach ($req['ip'] as $int_id => $val) { if (isset($req['new'][$int_id])) { $this->help->insert("sagacity.interfaces", [ - 'tgt_id' => $req['tgt'], - 'ipv4' => $req['ip'][$int_id], - 'hostname' => $req['hostname'][$int_id], - 'fqdn' => $req['fqdn'][$int_id], - 'name' => $req['name'][$int_id], - 'description' => $req['description'][$int_id], - ], true); + 'tgt_id' => $req['tgt'], + 'ipv4' => $req['ip'][$int_id], + 'hostname' => $req['hostname'][$int_id], + 'fqdn' => $req['fqdn'][$int_id], + 'name' => $req['name'][$int_id], + 'description' => $req['description'][$int_id] + ], true); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { $this->help->debug(E_ERROR); return false; } - } - elseif ($val != 'DELETE') { + } elseif ($val != 'DELETE') { $this->help->update("sagacity.interfaces", [ - 'name' => $req['name'][$int_id], - 'ipv4' => $val, - 'hostname' => $req['hostname'][$int_id], - 'fqdn' => $req['fqdn'][$int_id], + 'name' => $req['name'][$int_id], + 'ipv4' => $val, + 'hostname' => $req['hostname'][$int_id], + 'fqdn' => $req['fqdn'][$int_id], 'description' => $req['description'][$int_id] - ], [ + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $int_id ] ]); @@ -6538,22 +6737,26 @@ class db } if (count($ports)) { - $this->help->extended_insert("pps_list", ['int_id', 'pps_id', 'name', 'banner', 'notes'], $ports, true); - if (!$this->help->execute()) { + $this->help->extended_insert("pps_list", [ + 'int_id', + 'pps_id', + 'name', + 'banner', + 'notes' + ], $ports, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } - } - else { + } else { $this->help->debug(E_ERROR); return false; } - } - else { + } else { $this->help->delete("sagacity.pps_list", null, array( array( 'field' => 'int_id', - 'op' => '=', + 'op' => '=', 'value' => $int_id ) )); @@ -6561,7 +6764,7 @@ class db $this->help->delete("sagacity.interfaces", null, array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $int_id ) )); @@ -6577,10 +6780,9 @@ class db * Function to delete an target interface from the database * * @param int $id - * The ID of the interface to be deleted + * The ID of the interface to be deleted * - * @return boolean - * Returns TRUE if interface successfully deleted, otherwise FALSE + * @return boolean Returns TRUE if interface successfully deleted, otherwise FALSE */ public function delete_Interface($id) { 
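Review bot: In the plain-array branch of the insert path (hunk -6454) the column key is spelled `'fadn'`, while every other insert in this function writes `'fqdn'`. Both arms of its ternary are also `$req['fqdn']`, so the `isset` check protects nothing and an unset key is still read. The hostname line just above falls back to `$req['ipv4']`; if the same fallback was intended here, the line would be `'fqdn' => (isset($req['fqdn']) ? $req['fqdn'] : $req['ipv4'])`. The function starts before this hunk and continues after it.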
@@ -6588,11 +6790,11 @@ class db $this->help->delete("sagacity.pps_list", null, [ [ 'field' => 'int_id', - 'op' => '=', + 'op' => '=', 'value' => $id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -6601,11 +6803,11 @@ class db $this->help->delete("sagacity.interfaces", null, [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } 
@@ -6618,43 +6820,34 @@ class db * Save the port to the database * * @param interfaces $int - * Interface to tie the ports to + * Interface to tie the ports to * @param array:tcp_ports|array:udp_ports $ports - * Array of tcp and udp ports that are to be saved - * @param string $action [optional] - * Whether or not the ports are to be updated or inserted (defaulted 'insert') + * Array of tcp and udp ports that are to be saved + * @param string $action + * [optional] + * Whether or not the ports are to be updated or inserted (defaulted 'insert') * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Ports($int, $ports, $action = 'insert') { - $ret = true; + $ret = true; $ins_sql = 'REPLACE INTO `sagacity`.`pps_list` (`int_id`,`pps_id`,`name`,`banner`,`notes`) VALUES '; if ($action == 'insert') { foreach ($ports as $port) { - $ins_sql .= "(" . $int->get_ID() . ", " . - "(SELECT `id` FROM `sagacity`.`ports_proto_services` WHERE `port` = '" . $port->get_Port() . "'" . - " AND `proto` = '" . (is_a($port, 'tcp_ports') ? 'tcp' : 'udp') . "' " . - " AND `notes` NOT LIKE '%historic%' LIMIT 1), " . - "'" . $this->conn->real_escape_string($port->get_IANA_Name()) . "', " . - "'" . $this->conn->real_escape_string($port->get_Banner()) . "', " . - "'" . $this->conn->real_escape_string($port->get_Notes()) . "'), "; + $ins_sql .= "(" . $int->get_ID() . ", " . "(SELECT `id` FROM `sagacity`.`ports_proto_services` WHERE `port` = '" . $port->get_Port() . "'" . " AND `proto` = '" . (is_a($port, 'tcp_ports') ? 'tcp' : 'udp') . "' " . " AND `notes` NOT LIKE '%historic%' LIMIT 1), " . "'" . $this->conn->real_escape_string($port->get_IANA_Name()) . "', " . "'" . $this->conn->real_escape_string($port->get_Banner()) . "', " . "'" . $this->conn->real_escape_string($port->get_Notes()) . 
"'), "; } - $ins_sql = substr($ins_sql, 0, -1); + $ins_sql = substr($ins_sql, 0, - 1); if (strlen($ins_sql) > 84) { - if (!$this->conn->real_query($ins_sql)) { + if (! $this->conn->real_query($ins_sql)) { Sagacity_Error::sql_handler($ins_sql); error_log($this->conn->error); $ret = false; } } - } - else { - - } + } else {} return $ret; } @@ -6664,37 +6857,45 @@ class db /** * Get TCP port data * - * @param integer $port_number [optional] - * Port number to retrieve from database + * @param integer $port_number + * [optional] + * Port number to retrieve from database * - * @return array:tcp_ports|NULL - * Returns array of tcp ports, or null if none found + * @return array:tcp_ports|NULL Returns array of tcp ports, or null if none found */ public function get_TCP_Ports($port_number = null) { - $ret = []; + $ret = []; $where = [ [ 'field' => 'proto', - 'op' => '=', + 'op' => '=', 'value' => 'tcp' ] ]; - if (!is_null($port_number)) { + if (! is_null($port_number)) { $where[] = [ - 'field' => 'port', - 'op' => '=', - 'value' => $port_number, + 'field' => 'port', + 'op' => '=', + 'value' => $port_number, 'sql_op' => 'AND' ]; } - $this->help->select("ports_proto_services", ['id', 'port', 'iana_Name', 'banner', 'notes'], $where); + $this->help->select("ports_proto_services", [ + 'id', + 'port', + 'iana_Name', + 'banner', + 'notes' + ], $where); $rows = $this->help->execute(); if (isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
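Review bot: `save_Ports` builds its `REPLACE INTO` statement by concatenation, and `$int->get_ID()` and `$port->get_Port()` are placed in it without escaping or casting, while only the name, banner and notes go through `real_escape_string`. If the port objects are populated from imported scan results (not visible in this hunk), that leaves an injection path into the query; cast both values, e.g. `(int) $int->get_ID()` and `(int) $port->get_Port()`, or move the insert to a prepared statement. Separately, each tuple is terminated with `"), "` but `substr($ins_sql, 0, - 1)` strips only the trailing space, so the statement appears to end in a comma; `rtrim($ins_sql, ', ')` removes both characters.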
@@ -6713,36 +6914,43 @@ class db * Get UDP port data * * @param integer $port_number - * Port number to retrieve from database + * Port number to retrieve from database * - * @return array:udp_ports|NULL - * Returns array of udp ports, or null if none found + * @return array:udp_ports|NULL Returns array of udp ports, or null if none found */ public function get_UDP_Ports($port_number = null) { - $ret = []; + $ret = []; $where = [ [ 'field' => 'proto', - 'op' => '=', + 'op' => '=', 'value' => 'udp' ] ]; - if (!is_null($port_number)) { + if (! is_null($port_number)) { $where[] = [ - 'field' => 'port', - 'op' => '=', - 'value' => $port_number, + 'field' => 'port', + 'op' => '=', + 'value' => $port_number, 'sql_op' => 'AND' ]; } - $this->help->select("ports_proto_services", ['id', 'port', 'iana_Name', 'banner', 'notes'], $where); + $this->help->select("ports_proto_services", [ + 'id', + 'port', + 'iana_Name', + 'banner', + 'notes' + ], $where); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -6761,20 +6969,19 @@ class db * Function to retrieve a nessus object * * @param string $nessus_id - * Nessus ID of the object you want + * Nessus ID of the object you want * - * @return nessus|NULL - * Returns nessus object and associated references, or null if none found + * @return nessus|NULL Returns nessus object and associated references, or null if none found */ public function get_Nessus($nessus_id) { $this->help->select("nessus_plugins np", null, [ [ 'field' => 'np.plugin_id', - 'op' => '=', + 'op' => '=', 'value' => $nessus_id ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.nessus n ON n.nessus_id = np.plugin_id" ] @@ -6794,7 +7001,7 @@ class db $this->help->select("sagacity.nessus_meta", null, [ [ 'field' => 'plugin_id', - 'op' => '=', + 'op' => '=', 'value' => $row['plugin_id'] ] ]); 
@@ -6817,53 +7024,68 @@ class db * Update Nessus data * * @param array:nessus|nessus $nessus - * Nessus object to update + * Nessus object to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Nessus($nessus) { - $nessus_arr = []; - $meta_arr = []; + $nessus_arr = []; + $meta_arr = []; $plugins_arr = []; - $update_arr = []; + $update_arr = []; - $nessus_fields = array('pdi_id', 'nessus_id'); - $meta_fields = array('plugin_id', 'type', 'val'); - $plugins_fields = array('plugin_id', 'name', 'copyright', 'version', 'file_name', 'file_date'); + $nessus_fields = array( + 'pdi_id', + 'nessus_id' + ); + $meta_fields = array( + 'plugin_id', + 'type', + 'val' + ); + $plugins_fields = array( + 'plugin_id', + 'name', + 'copyright', + 'version', + 'file_name', + 'file_date' + ); $this->help->create_table("tmp_nessus", true, array( array( - 'field' => 'plugin_id', + 'field' => 'plugin_id', 'datatype' => 'int(11)', - 'options' => 'primary key' + 'options' => 'primary key' ), array( - 'field' => 'name', + 'field' => 'name', 'datatype' => 'varchar(255)' ), array( - 'field' => 'copyright', + 'field' => 'copyright', 'datatype' => 'varchar(255)' ), array( - 'field' => 'version', + 'field' => 'version', 'datatype' => 'varchar(45)' ), array( - 'field' => 'file_name', + 'field' => 'file_name', 'datatype' => 'varchar(100)' ), array( - 'field' => 'file_date', + 'field' => 'file_date', 'datatype' => 'int(11)' ) )); $this->help->execute(); if (is_a($nessus, 'nessus')) { - $nessus = array(0 => $nessus); + $nessus = array( + 0 => $nessus + ); } if (is_array($nessus)) { 
@@ -6872,7 +7094,7 @@ class db $db_nessus = $this->get_Nessus($plug->get_Nessus_ID()); if (is_null($db_nessus)) { - if (!$plug->get_PDI_ID()) { + if (! $plug->get_PDI_ID()) { $pdi = new pdi(null, $plug->get_Category(), $plug->get_FileDate_Date()); $pdi->set_Short_Title($plug->get_Name()); $pdi->set_Group_Title($plug->get_Name()); @@ -6894,8 +7116,7 @@ class db ]; $refs = $plug->get_Reference(); - } - else { + } else { $update_arr[] = [ $plug->get_Nessus_ID(), $plug->get_Name(), @@ -6908,12 +7129,19 @@ class db $refs = $plug->compare_References($db_nessus); } - $nessus_arr[] = [$plug->get_PDI_ID(), $plug->get_Nessus_ID()]; + $nessus_arr[] = [ + $plug->get_PDI_ID(), + $plug->get_Nessus_ID() + ]; if (is_array($refs) && count($refs)) { foreach ($refs as $type => $ref) { foreach ($ref as $val) { - $meta_arr[] = array($plug->get_Nessus_ID(), $type, $val); + $meta_arr[] = array( + $plug->get_Nessus_ID(), + $type, + $val + ); } } } 
@@ -6921,38 +7149,37 @@ class db if (is_array($plugins_arr) && count($plugins_arr)) { $this->help->extended_insert("nessus_plugins", $plugins_fields, $plugins_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } if (is_array($update_arr) && count($update_arr)) { $this->help->extended_insert("tmp_nessus", $plugins_fields, $update_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } $this->help->extended_update("nessus_plugins", "tmp_nessus", "plugin_id", $plugins_fields); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } if (is_array($nessus_arr) && count($nessus_arr)) { $this->help->extended_insert("nessus", $nessus_fields, $nessus_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } if (is_array($meta_arr) && count($meta_arr)) { $this->help->extended_insert("nessus_meta", $meta_fields, $meta_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } - } - else { + } else { return false; } 
@@ -6965,28 +7192,21 @@ class db * Getter function for oval * * @param string $oval_id - * Oval ID to retrieve from database + * Oval ID to retrieve from database * - * @return oval|NULL - * Returns oval object, or null if none found + * @return oval|NULL Returns oval object, or null if none found */ public function get_Oval($oval_id) { $oval = null; - $sql = "SELECT " . - "`pdi_id`, `oval_id`, `title`, `desc`, `platform`, `ext_def`, `ext_def_op` " . - "FROM sagacity.oval " . - "WHERE `oval_id` = '" . $this->conn->real_escape_string($oval_id) . "'"; + $sql = "SELECT " . "`pdi_id`, `oval_id`, `title`, `desc`, `platform`, `ext_def`, `ext_def_op` " . "FROM sagacity.oval " . "WHERE `oval_id` = '" . $this->conn->real_escape_string($oval_id) . "'"; if ($res = $this->conn->query($sql)) { $row = $res->fetch_assoc(); $oval = new oval($row['pdi_id'], $row['oval_id'], $row['title'], $row['desc'], $row['platform'], $row['ext_def'], $row['ext_def_op']); - $sql = "SELECT" . - "`oval_id`, `source`, `url`, `ref_id` " . - "FROM sagacity.oval_ref " . - "WHERE `oval_id` = '" . $this->conn->real_escape_string($row['oval_id']) . "'"; + $sql = "SELECT" . "`oval_id`, `source`, `url`, `ref_id` " . "FROM sagacity.oval_ref " . "WHERE `oval_id` = '" . $this->conn->real_escape_string($row['oval_id']) . "'"; if ($res2 = $this->conn->query($sql)) { while ($row2 = $res2->fetch_assoc()) { @@ -6994,15 +7214,13 @@ class db $oval->add_Reference($ref); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } return $oval; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
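Review bot: `get_Oval` never checks the result of `$res->fetch_assoc()`, so for an `$oval_id` with no matching row it constructs an `oval` from a null row instead of returning null as the docblock promises. A guard before the constructor call, `if (! ($row = $res->fetch_assoc())) { return null; }`, keeps the documented contract. The rest of the function is split across the next hunk.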
@@ -7014,84 +7232,49 @@ class db * Function to create a OVAL xml file to import into SCC * * @param string $os - * Operating system version to query + * Operating system version to query * - * @return string - * Returns string representing XML + * @return string Returns string representing XML */ public function get_OS_Oval($os) { - $xmlns = "xmlns = 'http://oval.mitre.org/XMLSchema/oval-definitions-5#windows'"; + $xmlns = "xmlns = 'http://oval.mitre.org/XMLSchema/oval-definitions-5#windows'"; // ------------------------------ Start ----------------------------- // create temporary db table to combine all OVAL checks marked 'M' and not 'M' - $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . - "pdi.`id`, o.`oval_id`, s.`stig_id`, vms.`vms_id`, pdi.`check_contents`, pdi.`short_title` " . - "FROM `pdi_catalog` AS pdi " . - "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . - "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . - "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . - "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . - "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . - "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . - "WHERE " . - "o.`oval_id` = 'M' AND " . - "pdi.`check_contents` LIKE '%Registry Hive%' AND " . - "sft.`man` = 'MS' AND " . - "sft.`name` = 'Windows' AND " . - "sft.`ver` = '$os' " . - "GROUP BY `stig_id`"; + $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . "pdi.`id`, o.`oval_id`, s.`stig_id`, vms.`vms_id`, pdi.`check_contents`, pdi.`short_title` " . "FROM `pdi_catalog` AS pdi " . "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . "WHERE " . 
"o.`oval_id` = 'M' AND " . "pdi.`check_contents` LIKE '%Registry Hive%' AND " . "sft.`man` = 'MS' AND " . "sft.`name` = 'Windows' AND " . "sft.`ver` = '$os' " . "GROUP BY `stig_id`"; $this->conn->real_query($tmp_sql); // delete rows in temporary table from other checklist that cannot designated as manual - $del_sql = "DELETE FROM tmp_oval " . - "WHERE `id` IN (" . - "SELECT pdi.`id` " . - "FROM `pdi_catalog` AS pdi " . - "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . - "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . - "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . - "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . - "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . - "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . - "WHERE " . - "o.`oval_id` != 'M' AND " . - "pdi.`check_contents` REGEXP 'Registry Hive' AND " . - "sft.`man` = 'MS' AND " . - "sft.`name` = 'Windows' AND " . - "sft.`ver` = '$os' " . - "GROUP BY pdi.`id`)"; + $del_sql = "DELETE FROM tmp_oval " . "WHERE `id` IN (" . "SELECT pdi.`id` " . "FROM `pdi_catalog` AS pdi " . "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . "WHERE " . "o.`oval_id` != 'M' AND " . "pdi.`check_contents` REGEXP 'Registry Hive' AND " . "sft.`man` = 'MS' AND " . "sft.`name` = 'Windows' AND " . "sft.`ver` = '$os' " . "GROUP BY pdi.`id`)"; $this->conn->real_query($del_sql); - $sql = "SELECT " . - "`id`, `oval_id`, `stig_id`, `vms_id`, `check_contents`, `short_title` " . - "FROM `tmp_oval`"; + $sql = "SELECT " . "`id`, `oval_id`, `stig_id`, `vms_id`, `check_contents`, `short_title` " . 
"FROM `tmp_oval`"; if ($sth = $this->conn->prepare($sql)) { if ($sth->execute()) { - $pdi_id = 0; - $oval_id = ''; - $stig_id = ''; - $vms_id = ''; + $pdi_id = 0; + $oval_id = ''; + $stig_id = ''; + $vms_id = ''; $check_contents = ''; - $short_title = ''; - $x = 0; + $short_title = ''; + $x = 0; $sth->bind_result($pdi_id, $oval_id, $stig_id, $vms_id, $check_contents, $short_title); // oval_file xml validation check - $root = ''; -// declaring string variables and setting values to empty - $def = ''; - $tst = ''; - $obj = ''; - $ste = ''; -// generator node in xml format - $date = new DateTime(); // insert date and time when file completed - $gen = "DISA FSO5.3" . - $date->format(DATE_W3C) . ""; + $root = ''; + // declaring string variables and setting values to empty + $def = ''; + $tst = ''; + $obj = ''; + $ste = ''; + // generator node in xml format + $date = new DateTime(); // insert date and time when file completed + $gen = "DISA FSO5.3" . $date->format(DATE_W3C) . ""; while ($sth->fetch()) { - $x++; + $x ++; $match = []; preg_match('/Registry Hive: +(\S*)/', $check_contents, $match); $hive = $match[1]; @@ -7104,7 +7287,7 @@ class db if (is_array($match) && count($match) == 2) { $c_operator = 'AND'; - $c_count = 1; + $c_count = 1; } preg_match('/Type: +(\S*)/', $check_contents, $match); 
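Review bot: `$os` is interpolated directly into the `'$os'` comparison on `sft.ver` in both the `CREATE TEMPORARY TABLE` and the `DELETE` statement of `get_OS_Oval`, with no escaping, whereas `get_Oval` wraps its argument in `real_escape_string`. If the OS version reaches this method from a request parameter (the caller is not visible here), the query is injectable; add `$os = $this->conn->real_escape_string($os);` before the first statement or bind the value through a prepared statement. The AuditPol queries in hunk -7114 repeat the same interpolation. The return values of both `real_query` calls are also ignored, so a failed statement goes unnoticed. The function continues beyond this hunk.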
@@ -7114,109 +7297,62 @@ class db $value = is_array($match) && count($match) > 0 ? $match[1] : "PDI ID: $pdi_id" . PHP_EOL; if (strpos($type, "PDI ID: " . $pdi_id) !== false) { -// print "$pdi_id, $vms_id this VMS item cannot be automated".PHP_EOL.PHP_EOL; + // print "$pdi_id, $vms_id this VMS item cannot be automated".PHP_EOL.PHP_EOL; continue; } -// variables set for various xml nodes - $def_id = 'oval:smc.gpea.windows:def:' . $pdi_id; - $tst_id = 'oval:smc.gpea.windows:tst:' . $pdi_id . "00"; - $ste_id = 'oval:smc.gpea.windows:ste:' . $pdi_id . "00"; - $obj_id = 'oval:smc.gpea.windows:obj:' . $pdi_id . "00"; - $var_id = 'oval:smc.gpea.windows:var:' . $pdi_id . "00"; - $def_class = 'compliance'; - $m_family = 'windows'; - $aft_platform = 'Microsoft Windows ' . $os; + // variables set for various xml nodes + $def_id = 'oval:smc.gpea.windows:def:' . $pdi_id; + $tst_id = 'oval:smc.gpea.windows:tst:' . $pdi_id . "00"; + $ste_id = 'oval:smc.gpea.windows:ste:' . $pdi_id . "00"; + $obj_id = 'oval:smc.gpea.windows:obj:' . $pdi_id . "00"; + $var_id = 'oval:smc.gpea.windows:var:' . $pdi_id . "00"; + $def_class = 'compliance'; + $m_family = 'windows'; + $aft_platform = 'Microsoft Windows ' . $os; $tst_chk_existence = ($c_count == 1 ? "all_exist" : ''); -// definitions node in xml format - $def .= "" . "" . - "$short_title" . "" . - "$aft_platform" . "" . - "" . - "$short_title" . "" . - ""; + // definitions node in xml format + $def .= "" . "" . "$short_title" . "" . "$aft_platform" . "" . "" . "$short_title" . "" . ""; if ($c_count == 1) { - $def .= "" . PHP_EOL; + $def .= "" . PHP_EOL; } $def .= ""; - $tst .= "" . - "" . "" . - ""; + $tst .= "" . "" . "" . ""; - if (substr($path, -1) != "\\") { + if (substr($path, - 1) != "\\") { $path .= "\\"; } - $obj .= "" . - "" . strtoupper($hive) . "" . - "$path" . "$name" . - ""; + $obj .= "" . "" . strtoupper($hive) . "" . "$path" . "$name" . ""; - $ste .= "" . "" . - strtolower($type) . "" . "$value" . ""; + $ste .= "" . "" . 
strtolower($type) . "" . "$value" . ""; } $sth->close(); } } -// ------------------------------ End ----------------------------- -// ------------------------------ Start ----------------------------- - $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . - "pdi.`id`,o.`oval_id`,s.`stig_id`,vms.`vms_id`,pdi.`check_contents`,pdi.`short_title` " . - "FROM `sagacity`.`pdi_catalog` AS pdi " . - "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . - "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . - "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . - "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . - "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . - "WHERE " . - "o.`oval_id`='M' AND " . - "pdi.`check_contents` LIKE '%AuditPol%' AND " . - "sft.`man`='MS' AND " . - "sft.`name`='Windows' AND " . - "sft.`ver`='$os' " . - "GROUP BY `stig_id`"; + // ------------------------------ End ----------------------------- + // ------------------------------ Start ----------------------------- + $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . "pdi.`id`,o.`oval_id`,s.`stig_id`,vms.`vms_id`,pdi.`check_contents`,pdi.`short_title` " . "FROM `sagacity`.`pdi_catalog` AS pdi " . "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . "WHERE " . "o.`oval_id`='M' AND " . "pdi.`check_contents` LIKE '%AuditPol%' AND " . "sft.`man`='MS' AND " . "sft.`name`='Windows' AND " . "sft.`ver`='$os' " . 
"GROUP BY `stig_id`"; $this->conn->real_query($tmp_sql); - $del_sql = "DELETE FROM tmp_oval " . - "WHERE `id` IN (" . - "SELECT pdi.`id` " . - "FROM `sagacity`.`pdi_catalog` AS pdi " . - "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . - "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . - "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . - "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . - "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . - "WHERE " . - "o.`oval_id`!='M' AND " . - "pdi.`check_contents` REGEXP 'AuditPol' AND " . - "sft.`man`='MS' AND " . - "sft.`name`='Windows' AND " . - "sft.`ver`='$os' " . - "GROUP BY pdi.`id`)"; + $del_sql = "DELETE FROM tmp_oval " . "WHERE `id` IN (" . "SELECT pdi.`id` " . "FROM `sagacity`.`pdi_catalog` AS pdi " . "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . "WHERE " . "o.`oval_id`!='M' AND " . "pdi.`check_contents` REGEXP 'AuditPol' AND " . "sft.`man`='MS' AND " . "sft.`name`='Windows' AND " . "sft.`ver`='$os' " . "GROUP BY pdi.`id`)"; $this->conn->real_query($del_sql); - $sql = "SELECT " . - "`id`,`oval_id`,`stig_id`,`vms_id`,`check_contents`,`short_title` " . - "FROM `tmp_oval`"; + $sql = "SELECT " . "`id`,`oval_id`,`stig_id`,`vms_id`,`check_contents`,`short_title` " . 
"FROM `tmp_oval`"; if ($sth = $this->conn->prepare($sql)) { if ($sth->execute()) { - $pdi_id = 0; - $oval_id = ''; - $stig_id = ''; - $vms_id = ''; + $pdi_id = 0; + $oval_id = ''; + $stig_id = ''; + $vms_id = ''; $check_contents = ''; - $short_title = ''; - $x = 0; + $short_title = ''; + $x = 0; $sth->bind_result($pdi_id, $oval_id, $stig_id, $vms_id, $check_contents, $short_title); $sth->store_result(); @@ -7230,37 +7366,29 @@ class db $ste_id = "oval:smc.gpea.windows:ste:" . $pdi_id . "00"; $arrow_idx = strpos($check_contents, '->') + 3; - $dash_idx = strpos($check_contents, ' - '); + $dash_idx = strpos($check_contents, ' - '); $subcat = substr($check_contents, $arrow_idx, $dash_idx - $arrow_idx); - $tag = str_replace(' ', '_', strtolower($subcat)); + $tag = str_replace(' ', '_', strtolower($subcat)); $audit = substr($check_contents, $dash_idx + 3); - $ste .= "" . - "<$tag datatype='string'>" . - ($audit == 'Failure' ? 'AUDIT_FAILURE' : 'AUDIT_SUCCESS') . "" . - ""; + $ste .= "" . "<$tag datatype='string'>" . ($audit == 'Failure' ? 'AUDIT_FAILURE' : 'AUDIT_SUCCESS') . "" . ""; - $tst .= "" . - "" . - "" . ""; + $tst .= "" . "" . "" . ""; } - } - else { + } else { error_log($sth->error); } - } - else { + } else { error_log($this->conn->error); } -// ------------------------------ End ----------------------------- -// ------------------------------ Start ----------------------------- -// ------------------------------ End ----------------------------- + // ------------------------------ End ----------------------------- + // ------------------------------ Start ----------------------------- + // ------------------------------ End ----------------------------- - $xml_string = $root . - "$gen$def$tst$obj$ste"; + $xml_string = $root . "$gen$def$tst$obj$ste"; return $xml_string; } 
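Review bot: The AuditPol section (hunk -7114) creates the temporary table `tmp_oval` a second time on the same connection, and no drop is visible between the two sections, so the second create would presumably fail with "table already exists". Because the `real_query` result is not checked, the following `SELECT` would then silently re-read the registry rows left by the first section. Issuing `$this->conn->real_query("DROP TEMPORARY TABLE IF EXISTS tmp_oval");` before each create, and logging a false return as the `prepare` branch already does, would make the failure visible. A few lines between the hunks are not shown, so confirm the drop is not already there.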
@@ -7269,10 +7397,9 @@ class db * Function to get oval constant data from database * * @param string $oval_id - * Oval ID to get constant data for + * Oval ID to get constant data for * - * @return array - * Returns array of constant ID and value + * @return array Returns array of constant ID and value */ public function get_Oval_Const($oval_id) { @@ -7280,16 +7407,15 @@ class db if ($res = $this->conn->query($sql)) { $vals = []; - while ($row = $res->fetch_assoc()) { + while ($row = $res->fetch_assoc()) { $vals[] = $row['value']; } return array( 'const_id' => $row['const_id'], - 'values' => $vals + 'values' => $vals ); - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); return null; @@ -7300,24 +7426,23 @@ class db * Function to add an Oval * * @param oval $oval - * Oval to add to database + * Oval to add to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function add_Oval($oval) { $this->help->insert("sagacity.oval", array( - 'pdi_id' => $oval->get_PDI_ID(), - 'oval_id' => $oval->get_Oval_ID(), - 'title' => $oval->get_Title(), - 'desc' => $oval->get_Description(), - 'platform' => $oval->get_Platform(), - 'ext_def' => $oval->get_External_Definition(), + 'pdi_id' => $oval->get_PDI_ID(), + 'oval_id' => $oval->get_Oval_ID(), + 'title' => $oval->get_Title(), + 'desc' => $oval->get_Description(), + 'platform' => $oval->get_Platform(), + 'ext_def' => $oval->get_External_Definition(), 'ext_def_op' => $oval->get_External_Definition_Operator() - ), true); + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
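Review bot: In hunk -7280, `get_Oval_Const` reads `$row['const_id']` after the `while ($row = $res->fetch_assoc())` loop has finished, when `$row` no longer holds a row, so `const_id` in the returned array is always empty. Capture the value inside the loop, e.g. `$const_id = $row['const_id'];`, and return `'const_id' => $const_id`. The `$sql` string is built above the hunk, so whether `$oval_id` is escaped there cannot be confirmed from these lines.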
@@ -7329,24 +7454,23 @@ class db * Function to save oval data * * @param oval $oval_in - * Oval to update database + * Oval to update database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Oval($oval_in) { $this->help->replace("sagacity.oval", array( - 'pdi_id' => $oval_in->get_PDI_ID(), - 'oval_id' => $oval_in->get_Oval_ID(), - 'title' => $oval_in->get_Title(), - 'desc' => $oval_in->get_Description(), - 'platform' => $oval_in->get_Platform(), - 'ext_def' => $oval_in->get_External_Definition(), + 'pdi_id' => $oval_in->get_PDI_ID(), + 'oval_id' => $oval_in->get_Oval_ID(), + 'title' => $oval_in->get_Title(), + 'desc' => $oval_in->get_Description(), + 'platform' => $oval_in->get_Platform(), + 'ext_def' => $oval_in->get_External_Definition(), 'ext_def_op' => $oval_in->get_External_Definition_Operator() )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -7360,12 +7484,11 @@ class db * Function to retrieve a PDI from the database * * @param integer $pdi_id - * PDI ID to get from database + * PDI ID to get from database * @param integer $chk_id - * Checklist ID to filter on + * Checklist ID to filter on * - * @return pdi|NULL - * Returns PDI object, or null if none found + * @return pdi|NULL Returns PDI object, or null if none found */ public function get_PDI($pdi_id, $chk_id = null) { @@ -7373,7 +7496,7 @@ class db $this->help->select("sagacity.pdi_catalog p", null, [ [ 'field' => 'p.id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ] ]); 
@@ -7385,17 +7508,17 @@ class db $pdi->set_Short_Title($row['short_title']); $pdi->set_Check_Contents($row['check_contents']); - if (!is_null($chk_id)) { + if (! is_null($chk_id)) { $this->help->select("sagacity.pdi_checklist_lookup", null, [ [ 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ], [ - 'field' => 'checklist_id', - 'op' => '=', - 'value' => $chk_id, + 'field' => 'checklist_id', + 'op' => '=', + 'value' => $chk_id, 'sql_op' => 'AND' ] ]); @@ -7417,17 +7540,16 @@ class db * Function to get pdi catalog item from database * * @param integer $pdi_id - * Get PDI Catalog entry from database using this ID + * Get PDI Catalog entry from database using this ID * - * @return array|NULL - * Returns associative array with record, or null if none found + * @return array|NULL Returns associative array with record, or null if none found */ public function get_PDI_Catalog($pdi_id) { $this->help->select("sagacity.pdi", null, array( array( 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ) )); 
@@ -7439,67 +7561,65 @@ class db * Function to attempt to match text * * @param pdi $pdi - * PDI to match in database + * PDI to match in database * @param nessus $nessus - * Nessus to match in database + * Nessus to match in database * @param cve $cve - * CVE to match in database + * CVE to match in database * @param iavm $iavm - * IAVM to match in database + * IAVM to match in database * - * @return array|NULL - * Returns array of possible matches, or null if none found + * @return array|NULL Returns array of possible matches, or null if none found */ public function get_Matching_PDIs($pdi, $nessus, $cve, $iavm) { /* - $string = ''; - - if (!is_null($nessus)) { - $string = $nessus->get_Name() . ' ' . $nessus->get_Description() . ' ' . $nessus->get_Summary(); - } - elseif (!is_null($cve)) { - $string = $cve->get_Description(); - } - elseif (!is_null($iavm)) { - $string = $iavm->get_Title() . ' ' . $iavm->get_Executive_Summary(); - } - - foreach ($this->DISALLOWED as $word) { - $string = preg_replace("/\s" . $word . "\s/i", " ", $string); - } - - $sql = "SELECT " . - "MATCH(pdi.`short_title`,pdi.`description`,pdi.`check_content`) " . - "AGAINST('" . $this->conn->real_escape_string($string) . "' IN NATURAL LANGUAGE MODE) AS 'score'," . - "pdi.`id`,pdi.`short_title`,pdi.`description`,pdi.`check_content` " . - "FROM `sagacity`.`pdi_catalog` pdi " . - "GROUP BY pdi.`id`,`score` " . - "HAVING `score` > 10 " . - "ORDER BY `score` DESC " . - "LIMIT 0, 5"; - - $ret = []; - - if ($res = $this->conn->query($sql)) { - while ($row = $res->fetch_assoc()) { - $ret[] = array( - 'score' => number_format($row['score'], 3), - 'pdi_id' => $row['id'], - 'title' => $row['short_title'], - 'check_content' => $row['check_content'], - 'desc' => $row['description'] - ); - } - - return $ret; - } - else { - Sagacity_Error::sql_handler($sql); - error_log($this->conn->error); - } + * $string = ''; + * + * if (!is_null($nessus)) { + * $string = $nessus->get_Name() . ' ' . 
$nessus->get_Description() . ' ' . $nessus->get_Summary(); + * } + * elseif (!is_null($cve)) { + * $string = $cve->get_Description(); + * } + * elseif (!is_null($iavm)) { + * $string = $iavm->get_Title() . ' ' . $iavm->get_Executive_Summary(); + * } + * + * foreach ($this->DISALLOWED as $word) { + * $string = preg_replace("/\s" . $word . "\s/i", " ", $string); + * } + * + * $sql = "SELECT " . + * "MATCH(pdi.`short_title`,pdi.`description`,pdi.`check_content`) " . + * "AGAINST('" . $this->conn->real_escape_string($string) . "' IN NATURAL LANGUAGE MODE) AS 'score'," . + * "pdi.`id`,pdi.`short_title`,pdi.`description`,pdi.`check_content` " . + * "FROM `sagacity`.`pdi_catalog` pdi " . + * "GROUP BY pdi.`id`,`score` " . + * "HAVING `score` > 10 " . + * "ORDER BY `score` DESC " . + * "LIMIT 0, 5"; + * + * $ret = []; + * + * if ($res = $this->conn->query($sql)) { + * while ($row = $res->fetch_assoc()) { + * $ret[] = array( + * 'score' => number_format($row['score'], 3), + * 'pdi_id' => $row['id'], + * 'title' => $row['short_title'], + * 'check_content' => $row['check_content'], + * 'desc' => $row['description'] + * ); + * } + * + * return $ret; + * } + * else { + * Sagacity_Error::sql_handler($sql); + * error_log($this->conn->error); + * } */ - return null; } @@ -7507,10 +7627,9 @@ class db * Function to try and find a PDI * * @param array $data_in - * An array of a type and value to search for. This will primarily be intended for types that don't have a readily available link to a PDI (nessus, retina, CVE, IAVM, etc). + * An array of a type and value to search for. This will primarily be intended for types that don't have a readily available link to a PDI (nessus, retina, CVE, IAVM, etc). * - * @return integer - * Returns the PDI id of the matching entry, or 0 if none found + * @return integer Returns the PDI id of the matching entry, or 0 if none found */ public function find_PDI($data_in) { 
@@ -7523,8 +7642,7 @@ class db if ($nessus->get_PDI_ID()) { return $nessus->get_PDI_ID(); - } - else { + } else { $cves = $nessus->get_Reference_By_Type('cve'); foreach ($cves as $cve_num) { $cve = $this->get_CVE($cve_num); @@ -7537,12 +7655,11 @@ class db while ($row = $res->fetch_assoc()) { $iavm = $this->get_IAVM($row['noticeId']); - if (!is_null($iavm)) { + if (! is_null($iavm)) { return $iavm->get_PDI_ID(); } } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -7550,14 +7667,7 @@ class db $bids = $nessus->get_Reference_By_Type('bid'); foreach ($bids as $bid_num) { - $sql = "SELECT iavm.`pdi_id` " . - "FROM `sagacity`.`nessus_refs` nr " . - "JOIN `sagacity`.`iavm_bids` ib ON ib.`bid`=nr.`val` " . - "JOIN `sagacity`.`iavm_notices` iavm ON iavm.`noticeId`=ib.`iavm_notice_id` " . - "WHERE " . - "nr.`type`='bid' AND " . - "nr.`val`=" . $this->conn->real_escape_string($bid_num) . " AND " . - "nr.`plugin_id`=" . $this->conn->real_escape_string($nessus->get_Nessus_ID()); + $sql = "SELECT iavm.`pdi_id` " . "FROM `sagacity`.`nessus_refs` nr " . "JOIN `sagacity`.`iavm_bids` ib ON ib.`bid`=nr.`val` " . "JOIN `sagacity`.`iavm_notices` iavm ON iavm.`noticeId`=ib.`iavm_notice_id` " . "WHERE " . "nr.`type`='bid' AND " . "nr.`val`=" . $this->conn->real_escape_string($bid_num) . " AND " . "nr.`plugin_id`=" . $this->conn->real_escape_string($nessus->get_Nessus_ID()); if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { return $row['pdi_id']; 
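Review bot: In the `bid` loop the reflowed `$sql` still places `real_escape_string($bid_num)` and `real_escape_string($nessus->get_Nessus_ID())` in unquoted positions (the `nr.val=` and `nr.plugin_id=` comparisons), where escaping quote characters does nothing to keep the value a single literal. If both are integers, cast them, e.g. `(int) $bid_num`, or move the query to a prepared statement with bound parameters. The same unquoted use recurs in the later hunks for get_Questions (the `ci.cat_id=` comparison), the `INSERT IGNORE INTO` statement for category_interview and the `VALUES (...)` list in save_Retina. find_PDI starts above this hunk.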
@@ -7573,12 +7683,12 @@ class db * Function to save an existing PDI * * @param pdi $pdi_in - * The PDI to save or update - * @param checklist $checklist [optional] - * The checklist to link new PDIs to (if null links to Orphan checklist) + * The PDI to save or update + * @param checklist $checklist + * [optional] + * The checklist to link new PDIs to (if null links to Orphan checklist) * - * @return boolean|int - * Returns ID of PDI or FALSE if failed to save. + * @return boolean|int Returns ID of PDI or FALSE if failed to save. */ public function save_PDI($pdi_in, $checklist = null) { @@ -7586,34 +7696,33 @@ class db if ($pdi_in->get_ID()) { $this->help->update('sagacity.pdi_catalog', [ - 'cat' => $pdi_in->get_Category_Level(), - 'update' => $pdi_in->get_Last_Update(), - 'short_title' => $pdi_in->get_Short_Title(), + 'cat' => $pdi_in->get_Category_Level(), + 'update' => $pdi_in->get_Last_Update(), + 'short_title' => $pdi_in->get_Short_Title(), 'check_contents' => $pdi_in->get_Check_Contents() - ], [ + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_in->get_ID() ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } $pdi_id = $pdi_in->get_ID(); - } - else { + } else { $this->help->insert("sagacity.pdi_catalog", [ - "cat" => $pdi_in->get_Category_Level(), - 'update' => $pdi_in->get_Last_Update(), - 'short_title' => $pdi_in->get_Short_Title(), + "cat" => $pdi_in->get_Category_Level(), + 'update' => $pdi_in->get_Last_Update(), + 'short_title' => $pdi_in->get_Short_Title(), 'check_contents' => $pdi_in->get_Check_Contents() ]); - if (!($pdi_id = $this->help->execute())) { + if (! ($pdi_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -7627,35 +7736,33 @@ class db if (is_array($checklist) && isset($checklist[0]) && is_a($checklist[0], 'checklist')) { $this->help->insert('sagacity.pdi_checklist_lookup', [ - 'pdi_id' => $pdi_id, - 'checklist_id' => $checklist[0]->get_ID(), + 'pdi_id' => $pdi_id, + 'checklist_id' => $checklist[0]->get_ID(), 'check_contents' => $pdi_in->get_Check_Contents(), - 'group_title' => $pdi_in->get_Group_Title(), - 'short_title' => $pdi_in->get_Short_Title(), - 'fix_text' => $pdi_in->get_Fix_Text() - ], true); + 'group_title' => $pdi_in->get_Group_Title(), + 'short_title' => $pdi_in->get_Short_Title(), + 'fix_text' => $pdi_in->get_Fix_Text() + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } - } - elseif (is_a($checklist, 'checklist')) { + } elseif (is_a($checklist, 'checklist')) { $this->help->insert("sagacity.pdi_checklist_lookup", array( - 'pdi_id' => $pdi_id, - 'checklist_id' => $checklist->get_ID(), + 'pdi_id' => $pdi_id, + 'checklist_id' => $checklist->get_ID(), 'check_contents' => $pdi_in->get_Check_Contents(), - 'group_title' => $pdi_in->get_Group_Title(), - 'short_title' => $pdi_in->get_Short_Title(), - 'fix_text' => $pdi_in->get_Fix_Text() - ), true); + 'group_title' => $pdi_in->get_Group_Title(), + 'short_title' => $pdi_in->get_Short_Title(), + 'fix_text' => $pdi_in->get_Fix_Text() + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } - } - else { + } else { Sagacity_Error::err_handler("Cannon link PDI ID $pdi_id with a checklist", E_WARNING); } 
@@ -7666,51 +7773,53 @@ class db * Function to save the check contents to a specific PDI and checklist * * @param pdi $pdi_in - * The PDI (containing the check contents) + * The PDI (containing the check contents) * @param checklist $checklist_in - * The checklist - * @param string $check_contents_in [optional] - * The check contents to save (will use check contents in $pdi_in if this is null) - * @param string $fix_text_in [optional] - * The fix text to save + * The checklist + * @param string $check_contents_in + * [optional] + * The check contents to save (will use check contents in $pdi_in if this is null) + * @param string $fix_text_in + * [optional] + * The fix text to save * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Check_Contents($pdi_in, $checklist_in, $check_contents_in = null, $fix_text_in = null) { $this->help->replace("sagacity.pdi_checklist_lookup", array( - 'pdi_id' => $pdi_in->get_ID(), - 'checklist_id' => $checklist_in->get_ID(), - 'group_title' => $pdi_in->get_Group_Title(), - 'short_title' => $pdi_in->get_Short_Title(), - 'check_contents' => (!is_null($check_contents_in) ? $check_contents_in : $pdi_in->get_Check_Contents()), - 'fix_text' => (!is_null($fix_text_in) ? $fix_text_in : $pdi_in->get_Fix_Text()) + 'pdi_id' => $pdi_in->get_ID(), + 'checklist_id' => $checklist_in->get_ID(), + 'group_title' => $pdi_in->get_Group_Title(), + 'short_title' => $pdi_in->get_Short_Title(), + 'check_contents' => (! is_null($check_contents_in) ? $check_contents_in : $pdi_in->get_Check_Contents()), + 'fix_text' => (! is_null($fix_text_in) ? $fix_text_in : $pdi_in->get_Fix_Text()) )); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { return false; } return true; } -// }}} -// {{{ PROC_IA_CONTROLS CLASS FUNCTIONS + // }}} + // {{{ PROC_IA_CONTROLS CLASS FUNCTIONS /** * Function to get all procedural IA controls for specified system * * @param ste $ste_in - * ST&E to query the database for - * @param string $control_id [optional] - * Control ID to query (default null) + * ST&E to query the database for + * @param string $control_id + * [optional] + * Control ID to query (default null) * - * @return array:proc_ia_controls - * Return array of proc_ia_controls and associated sub controls, or empty array if none found + * @return array:proc_ia_controls Return array of proc_ia_controls and associated sub controls, or empty array if none found */ public function get_Proc_IA_Controls($ste_in, $control_id = null) { $ret = []; - $sys = $this->get_System($ste_in->get_System()->get_ID())[0]; + $sys = $this->get_System($ste_in->get_System() + ->get_ID())[0]; switch ($sys->get_Classification()) { case 'Public': $class = 'pub'; 
@@ -7725,16 +7834,9 @@ class db $class = ''; } - $sql = "SELECT " . - "pia.`control_id`,pia.`name`,pia.`subject_area`,pia.`description`," . - "pia.`threat_vul_cm`,pia.`gen_imp_guide`,pia.`guide_resource`,pia.`impact` " . - "FROM `sagacity`.`proc_ia_controls` pia " . - "LEFT JOIN `sagacity`.`proc_level_type` plt ON plt.`proc_control`=pia.`control_id` " . - "WHERE plt.`type`='diacap' AND " . - "plt.`level`=" . $sys->get_MAC() . " AND " . - "plt.`class`='$class'"; + $sql = "SELECT " . "pia.`control_id`,pia.`name`,pia.`subject_area`,pia.`description`," . "pia.`threat_vul_cm`,pia.`gen_imp_guide`,pia.`guide_resource`,pia.`impact` " . "FROM `sagacity`.`proc_ia_controls` pia " . "LEFT JOIN `sagacity`.`proc_level_type` plt ON plt.`proc_control`=pia.`control_id` " . "WHERE plt.`type`='diacap' AND " . "plt.`level`=" . $sys->get_MAC() . " AND " . "plt.`class`='$class'"; - if (!is_null($control_id)) { + if (! is_null($control_id)) { $sql .= " AND pia.`control_id`='" . $this->conn->real_escape_string($control_id) . "'"; } 
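Review bot: `$sys->get_MAC()` is concatenated directly after the `plt.level=` comparison with no cast or binding, and the next hunk does the same with `$ste_in->get_ID()`, `$row['control_id']` and `$row2['sub_control_id']` when building `$sql2` and `$sql3`. Values read back from the database are not safe to splice into a new statement; a stored control id containing a quote would change the query. Cast the numeric ids with `(int)` and bind or escape the string ids, as the `$control_id` filter in this hunk already does with `real_escape_string`. get_Proc_IA_Controls begins and ends outside this hunk.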
@@ -7742,56 +7844,43 @@ class db while ($row = $res->fetch_assoc()) { $ia = new proc_ia_controls($row['control_id'], $row['name'], $row['subject_area'], $row['description'], $row['threat_vul_cm'], $row['gen_imp_guide'], $row['guide_resource'], $row['impact']); - $sql2 = "SELECT `ste_id`,`control_id`,`vul_desc`,`mitigations`,`references`,`risk_analysis`,`notes`,`done` " . - "FROM `sagacity`.`control_findings` " . - "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . - "`control_id`='" . $row['control_id'] . "'"; + $sql2 = "SELECT `ste_id`,`control_id`,`vul_desc`,`mitigations`,`references`,`risk_analysis`,`notes`,`done` " . "FROM `sagacity`.`control_findings` " . "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . "`control_id`='" . $row['control_id'] . "'"; if ($res2 = $this->conn->query($sql2)) { if ($res2->num_rows > 0) { $row2 = $res2->fetch_assoc(); - $ia->finding->control_id = $row2['control_id']; - $ia->finding->ste_id = $row2['ste_id']; - $ia->finding->vul_desc = $row2['vul_desc']; - $ia->finding->mitigations = $row2['mitigations']; - $ia->finding->reference = $row2['references']; - $ia->finding->notes = $row2['notes']; + $ia->finding->control_id = $row2['control_id']; + $ia->finding->ste_id = $row2['ste_id']; + $ia->finding->vul_desc = $row2['vul_desc']; + $ia->finding->mitigations = $row2['mitigations']; + $ia->finding->reference = $row2['references']; + $ia->finding->notes = $row2['notes']; $ia->finding->risk_analysis = $row2['risk_analysis']; - $ia->finding->done = $row2['done']; + $ia->finding->done = $row2['done']; } } - $sql2 = "SELECT " . - "`sub_control_id`,`name`,`objective`," . - "`prep`,`script`,`exp_result` " . - "FROM `sagacity`.`proc_ia_sub_controls` " . - "WHERE `parent_control_id`='" . $row['control_id'] . "'"; + $sql2 = "SELECT " . "`sub_control_id`,`name`,`objective`," . "`prep`,`script`,`exp_result` " . "FROM `sagacity`.`proc_ia_sub_controls` " . "WHERE `parent_control_id`='" . $row['control_id'] . 
"'"; if ($res2 = $this->conn->query($sql2)) { while ($row2 = $res2->fetch_assoc()) { $ia_sub = new proc_sub_ia_controls($row2['sub_control_id'], $row2['name'], $row2['objective'], $row2['prep'], $row2['script'], $row2['exp_result']); - $sql3 = "SELECT " . - "`ste_id`,`proc_id`,`status`,`test_results`," . - "`mitigations`,`milestones`,`ref`,`notes` " . - "FROM `sagacity`.`proc_findings` " . - "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . - "`proc_id`='" . $row2['sub_control_id'] . "'"; + $sql3 = "SELECT " . "`ste_id`,`proc_id`,`status`,`test_results`," . "`mitigations`,`milestones`,`ref`,`notes` " . "FROM `sagacity`.`proc_findings` " . "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . "`proc_id`='" . $row2['sub_control_id'] . "'"; if ($res3 = $this->conn->query($sql3)) { if ($res3->num_rows > 0) { $row3 = $res3->fetch_assoc(); - $ia_sub->finding->control_id = $row3['proc_id']; - $ia_sub->finding->ste_id = $row3['ste_id']; + $ia_sub->finding->control_id = $row3['proc_id']; + $ia_sub->finding->ste_id = $row3['ste_id']; $ia_sub->finding->test_result = $row3['test_results']; - $ia_sub->finding->mitigation = $row3['mitigations']; - $ia_sub->finding->milestone = $row3['milestones']; - $ia_sub->finding->reference = $row3['ref']; - $ia_sub->finding->notes = $row3['notes']; - $ia_sub->finding->status = $row3['status']; - } - else { + $ia_sub->finding->mitigation = $row3['mitigations']; + $ia_sub->finding->milestone = $row3['milestones']; + $ia_sub->finding->reference = $row3['ref']; + $ia_sub->finding->notes = $row3['notes']; + $ia_sub->finding->status = $row3['status']; + } else { $ia_sub->finding->status = 'Not Reviewed'; } } @@ -7802,8 +7891,7 @@ class db $ret[] = $ia; } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -7811,8 +7899,8 @@ class db return $ret; } -// }}} -// {{{ INTERVIEW QUESTION CLASS FUNCTIONS + // }}} + // {{{ INTERVIEW QUESTION CLASS FUNCTIONS /** * Function to return the categories * 
@@ -7820,8 +7908,12 @@ class db */ public function get_Question_Categories() { - $ret = []; - $this->help->select("interview_questions", ['cat'], [], ['group' => 'cat']); + $ret = []; + $this->help->select("interview_questions", [ + 'cat' + ], [], [ + 'group' => 'cat' + ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -7842,27 +7934,20 @@ class db public function get_Questions($cat_in, $type_in = null) { $ret = []; - $sql = "SELECT " . - "iq.`id`,iq.`key`,iq.`cat`,iq.`question`," . - "(SELECT ci.`answer` " . - "FROM `category_interview` ci " . - "WHERE ci.`ques_id`=iq.`id` AND ci.`cat_id`=" . $this->conn->real_escape_string($cat_in) . ") AS 'answer' " . - "FROM `interview_questions` iq " . - "WHERE iq.`cat`='" . $this->conn->real_escape_string($type_in) . "'"; + $sql = "SELECT " . "iq.`id`,iq.`key`,iq.`cat`,iq.`question`," . "(SELECT ci.`answer` " . "FROM `category_interview` ci " . "WHERE ci.`ques_id`=iq.`id` AND ci.`cat_id`=" . $this->conn->real_escape_string($cat_in) . ") AS 'answer' " . "FROM `interview_questions` iq " . "WHERE iq.`cat`='" . $this->conn->real_escape_string($type_in) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { - $ques = new question(); - $ques->id = $row['id']; - $ques->cat = $row['cat']; - $ques->key = $row['key']; + $ques = new question(); + $ques->id = $row['id']; + $ques->cat = $row['cat']; + $ques->key = $row['key']; $ques->question = $row['question']; - $ques->answer = $row['answer']; + $ques->answer = $row['answer']; $ret[] = $ques; } - } - else { + } else { print $sql . "
"; print $this->conn->error; Sagacity_Error::sql_handler($sql); @@ -7881,30 +7966,37 @@ class db */ public function get_Interview_Answers($cat_id_in) { - $ret = []; - $this->help->select("interview_questions iq", ['iq.id', 'iq.key', 'iq.question', 'ci.answer'], [ + $ret = []; + $this->help->select("interview_questions iq", [ + 'iq.id', + 'iq.key', + 'iq.question', + 'ci.answer' + ], [ [ 'field' => 'ci.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id_in ] - ], [ + ], [ 'table_joins' => "LEFT JOIN category_interview ci ON iq.id = ci.ques_id" ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $ques = new question(); - $ques->id = $row['id']; - $ques->key = $row['key']; + $ques->id = $row['id']; + $ques->key = $row['key']; $ques->question = $row['question']; - $ques->answer = ($row['answer'] ? true : false); + $ques->answer = ($row['answer'] ? true : false); $ret[] = $ques; } @@ -7924,19 +8016,16 @@ class db $this->help->delete("category_interview", null, [ [ 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_in ] ]); $this->help->execute(); - $this->help->sql = "INSERT IGNORE INTO `category_interview` (`cat_id`,`ques_id`)" . - " SELECT " . $this->conn->real_escape_string($cat_in) . ",`id`" . - " FROM `interview_questions`" . - " WHERE `cat`='" . $this->conn->real_escape_string($type_in) . "'"; + $this->help->sql = "INSERT IGNORE INTO `category_interview` (`cat_id`,`ques_id`)" . " SELECT " . $this->conn->real_escape_string($cat_in) . ",`id`" . " FROM `interview_questions`" . " WHERE `cat`='" . $this->conn->real_escape_string($type_in) . "'"; $this->help->query_type = db_helper::INSERT; - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
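Review bot: The failure branch of get_Questions prints `$sql` and `$this->conn->error` to the page output before calling `Sagacity_Error::sql_handler($sql)`, which exposes the query text and the driver's error message to whoever triggered the request. Remove both `print` statements and keep the handler call, which is how the other query methods in this patch report failures. Separately, `$type_in` defaults to `null` but is always used in the `iq.cat` filter; either make it required or skip the filter when it is null. The end of the method lies outside this hunk.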
@@ -7953,21 +8042,23 @@ class db */ public function set_QA($cat_id_in, $question) { - $this->help->update("category_interview", ['answer' => ($question->answer)], [ + $this->help->update("category_interview", [ + 'answer' => ($question->answer) + ], [ [ 'field' => 'ques_id', - 'op' => '=', + 'op' => '=', 'value' => $question->id ], [ - 'field' => 'cat_id', - 'op' => '=', - 'value' => $cat_id_in, + 'field' => 'cat_id', + 'op' => '=', + 'value' => $cat_id_in, 'sql_op' => 'AND' ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -7975,24 +8066,21 @@ class db return true; } -// }}} -// {{{ RETINA CLASS FUNCTIONS + // }}} + // {{{ RETINA CLASS FUNCTIONS /** * Update retina data * * @param retina $retina_In - * Retina object to save to database + * Retina object to save to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Retina($retina_In) { - $sql = "REPLACE INTO `sagacity`.`retina` (`pdi_id`,`retina_id`) VALUES (" . - $this->conn->real_escape_string($retina_In->get_PDI_ID()) . "," . - $this->conn->real_escape_string($retina_In->get_Retina_ID()) . ")"; + $sql = "REPLACE INTO `sagacity`.`retina` (`pdi_id`,`retina_id`) VALUES (" . $this->conn->real_escape_string($retina_In->get_PDI_ID()) . "," . $this->conn->real_escape_string($retina_In->get_Retina_ID()) . ")"; - if (!$this->conn->real_query($sql)) { + if (! $this->conn->real_query($sql)) { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); return false; @@ -8001,11 +8089,11 @@ class db return true; } -// }}} -// {{{ RMF_CONTROL CLASS FUNCTIONS + // }}} + // {{{ RMF_CONTROL CLASS FUNCTIONS /** * Function to get all the RMF controls that apply to a certain baseline impact
- * Used for tailoring later + * Used for tailoring later * * @param string $baseline * @@ -8014,19 +8102,15 @@ class db public function get_RMF_Control_By_Baseline($baseline) { $ret = []; - if (!in_array($baseline, array("low", "moderate", "high"))) { + if (! in_array($baseline, array( + "low", + "moderate", + "high" + ))) { return []; } - $sql = "SELECT " . - "f.`abbr`,f.`name` AS 'family_name' " . - "c.`control_id`,c.`name` AS 'control_name',c.`pri`,c.`statement`,c.`guidance` " . - "cb.`impact_level` " . - "FROM `rmf`.`controls` c " . - "JOIN `rmf`.`control_baseline` cb ON cb.`control_id`=c.`control_id` " . - "JOIN `rmf`.`family` f ON f.`abbr`=c.`family_id` " . - "WHERE cb.`impact_level`='" . $this->conn->real_escape_string($baseline) . "'" - ; + $sql = "SELECT " . "f.`abbr`,f.`name` AS 'family_name' " . "c.`control_id`,c.`name` AS 'control_name',c.`pri`,c.`statement`,c.`guidance` " . "cb.`impact_level` " . "FROM `rmf`.`controls` c " . "JOIN `rmf`.`control_baseline` cb ON cb.`control_id`=c.`control_id` " . "JOIN `rmf`.`family` f ON f.`abbr`=c.`family_id` " . "WHERE cb.`impact_level`='" . $this->conn->real_escape_string($baseline) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { @@ -8034,7 +8118,7 @@ class db $family->set_Abbr($row['abbr']); $family->set_Name($row['family_name']); - $rmf = new rmf_control(); + $rmf = new rmf_control(); $rmf->family = $family; $rmf->set_Control_ID($row['control_id']); $rmf->set_Name($row['control_name']); @@ -8048,8 +8132,7 @@ class db $ret[] = $rmf; } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
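Review bot: The single-line `$sql` in get_RMF_Control_By_Baseline has no comma between `AS 'family_name'` and the first `c.` column, nor between the guidance column and the `cb.` impact-level column, so the statement looks unparseable and the method would always end in the `sql_handler` branch. Add the two separators, ending the first fragment with `AS 'family_name',` and the second with a trailing comma after the guidance column. While there, pass `true` as the third argument of `in_array` so the baseline allow-list check is strict.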
@@ -8064,17 +8147,13 @@ class db */ public function get_RMF_Related_Controls(rmf_control &$rmf) { - $sql = "SELECT rc.`related_control_id` " . - "FROM `rmf`.`related_controls rc " . - "WHERE rc.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "'" - ; + $sql = "SELECT rc.`related_control_id` " . "FROM `rmf`.`related_controls rc " . "WHERE rc.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { $rmf->add_Related_Control($row['related_control_id']); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -8088,14 +8167,7 @@ class db */ public function get_RMF_Enhanced_Controls(rmf_control &$rmf, $baseline = null) { - $sql = "SELECT " . - "ce.`enh_id`,ce.`name`,ce.`desc`,ce.`guidance` " . - "FROM `rmf`.`control_enh` ce " . - "JOIN `rmf`.`enhancement_baseline eb ON eb.`control_id`=ce.`control_id` AND " . - "eb.`enh_id`=ce.`enh_id` " . - "WHERE ce.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "' AND " . - "eb.`impact`='" . (is_null($baseline) ? $rmf->get_Worst_Baseline() : $baseline) . "'" - ; + $sql = "SELECT " . "ce.`enh_id`,ce.`name`,ce.`desc`,ce.`guidance` " . "FROM `rmf`.`control_enh` ce " . "JOIN `rmf`.`enhancement_baseline eb ON eb.`control_id`=ce.`control_id` AND " . "eb.`enh_id`=ce.`enh_id` " . "WHERE ce.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "' AND " . "eb.`impact`='" . (is_null($baseline) ? $rmf->get_Worst_Baseline() : $baseline) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { 
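Review bot: Both rewritten queries carry an unterminated identifier quote: the `related_controls` table name in get_RMF_Related_Controls and the `enhancement_baseline` table name in get_RMF_Enhanced_Controls are each missing the closing backtick before their alias, so both statements should fail to parse. In the second query `$baseline` is also concatenated into the `eb.impact` comparison without escaping, unlike the control id next to it. Check it against the `low`/`moderate`/`high` list that get_RMF_Control_By_Baseline uses, or pass it through `real_escape_string`. get_RMF_Enhanced_Controls continues past its hunk.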
@@ -8107,29 +8179,28 @@ class db $rmf->add_Enhanced_Control($enh); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } } -// }}} -// {{{ SCAN CLASS FUNCTIONS + // }}} + // {{{ SCAN CLASS FUNCTIONS /** * Get ScanData for Results page * * @param integer $intSTE - * ST&E ID to grab scans for - * @param integer|string $Scan_ID [optional] - * Scan ID or file name to grab (defaulted null) + * ST&E ID to grab scans for + * @param integer|string $Scan_ID + * [optional] + * Scan ID or file name to grab (defaulted null) * - * @return array:scan|NULL - * Returns array of scans associated with the ST&E, or null if none found + * @return array:scan|NULL Returns array of scans associated with the ST&E, or null if none found */ public function get_ScanData($intSTE, $Scan_ID = null, $status_in = null, $type_in = null) { - $ret = []; + $ret = []; $where = [ [ 'field' => 's.ste_id', 
@@ -8137,65 +8208,66 @@ class db ] ]; - if (!is_null($Scan_ID)) { + if (! is_null($Scan_ID)) { if (is_numeric($Scan_ID)) { $where[] = [ - 'field' => 's.id', - 'value' => $Scan_ID, + 'field' => 's.id', + 'value' => $Scan_ID, 'sql_op' => 'AND' ]; - } - else { + } else { $where[] = [ - 'field' => 's.file_name', - 'value' => $Scan_ID, + 'field' => 's.file_name', + 'value' => $Scan_ID, 'sql_op' => 'AND' ]; } } - if (!is_null($status_in)) { + if (! is_null($status_in)) { $where[] = [ - 'field' => 's.status', - 'value' => $status_in, + 'field' => 's.status', + 'value' => $status_in, 'sql_op' => 'AND' ]; } - if (!is_null($type_in)) { + if (! is_null($type_in)) { $where[] = [ - 'field' => 'src.name', - 'value' => $type_in, + 'field' => 'src.name', + 'value' => $type_in, 'sql_op' => 'AND' ]; } - $this->help->select("scans s", ['s.*'], $where, [ + $this->help->select("scans s", [ + 's.*' + ], $where, [ 'table_joins' => [ "JOIN sources src ON src.id=s.src_id" ], - 'order' => 's.file_name' + 'order' => 's.file_name' ]); $scan_rows = $this->help->execute(); if (isset($scan_rows['id'])) { - $scan_rows = [0 => $scan_rows]; + $scan_rows = [ + 0 => $scan_rows + ]; } if (is_array($scan_rows) && count($scan_rows)) { foreach ($scan_rows as $row) { $src = $this->get_Sources($row['src_id']); if (is_array($src) && count($src) && isset($src[0]) && is_a($src[0], 'source')) { $src = $src[0]; - } - else { + } else { continue; } $ste = $this->get_STE($intSTE); if (is_array($ste) && count($ste) && isset($ste[0]) && is_a($ste[0], 'ste')) { $ste = $ste[0]; - } - else { + } else { continue; } 
@@ -8209,23 +8281,31 @@ class db $scan->set_Last_Host($row['last_host']); $scan->set_Total_Host_Count($row['host_count']); - $this->help->select("host_list hl", ['hl.tgt_id', 't.name', 'hl.finding_count', 'hl.scanner_error', 'hl.notes'], [ + $this->help->select("host_list hl", [ + 'hl.tgt_id', + 't.name', + 'hl.finding_count', + 'hl.scanner_error', + 'hl.notes' + ], [ [ 'field' => 'hl.scan_id', 'value' => $row['id'] ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN target t ON t.id=hl.tgt_id" ] ]); $hl_rows = $this->help->execute(); if (is_array($hl_rows) && count($hl_rows) && isset($hl_rows['tgt_id'])) { - $hl_rows = [0 => $hl_rows]; + $hl_rows = [ + 0 => $hl_rows + ]; } if (is_array($hl_rows) && count($hl_rows) && isset($hl_rows[0])) { foreach ($hl_rows as $row) { - $tgt = new target($row['name']); + $tgt = new target($row['name']); $tgt->set_ID($row['tgt_id']); $tgt->set_STE_ID($intSTE); $tgt->interfaces = $this->get_Interfaces($tgt->get_ID()); 
@@ -8256,63 +8336,64 @@ class db * Save scan data * * @param scan $new_Scan - * New scan to save to database + * New scan to save to database * - * @return integer - * Returns ID of new scan, or 0 if fail + * @return integer Returns ID of new scan, or 0 if fail */ public function save_Scan($new_Scan) { - if (!is_a($new_Scan, "scan")) { + if (! is_a($new_Scan, "scan")) { return; } - if (!is_a($new_Scan->get_Source(), 'source')) { - throw(new Exception("Wrong source type " . print_r($new_Scan->get_Source(), true))); + if (! is_a($new_Scan->get_Source(), 'source')) { + throw (new Exception("Wrong source type " . print_r($new_Scan->get_Source(), true))); } if ($new_Scan->get_ID()) { $this->help->update("scans", [ - 'src_id' => $new_Scan->get_Source()->get_ID(), - 'itr' => $new_Scan->get_Itr(), - 'file_date' => $new_Scan->get_File_DateTime(), - 'pid' => $new_Scan->get_PID(), - 'start_time' => $new_Scan->get_Start_Time(), + 'src_id' => $new_Scan->get_Source() + ->get_ID(), + 'itr' => $new_Scan->get_Itr(), + 'file_date' => $new_Scan->get_File_DateTime(), + 'pid' => $new_Scan->get_PID(), + 'start_time' => $new_Scan->get_Start_Time(), 'last_update' => $new_Scan->get_Last_Update(), - 'status' => $new_Scan->get_Status(), - 'perc_comp' => $new_Scan->get_Percentage_Complete(), - 'last_host' => $new_Scan->get_Last_Host(), - 'host_count' => $new_Scan->get_Total_Host_Count(), - 'notes' => $new_Scan->get_Notes() - ], [ + 'status' => $new_Scan->get_Status(), + 'perc_comp' => $new_Scan->get_Percentage_Complete(), + 'last_host' => $new_Scan->get_Last_Host(), + 'host_count' => $new_Scan->get_Total_Host_Count(), + 'notes' => $new_Scan->get_Notes() + ], [ [ 'field' => 'id', 'value' => $new_Scan->get_ID() ] ]); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { $this->help->debug(E_ERROR); } $this->update_Scan_Host_List($new_Scan, $new_Scan->get_Host_List()); - } - else { + } else { $this->help->insert("scans", [ - 'src_id' => $new_Scan->get_Source()->get_ID(), - 'ste_id' => $new_Scan->get_STE()->get_ID(), - 'itr' => $new_Scan->get_Itr(), - 'file_name' => $new_Scan->get_File_Name(), - 'file_date' => $new_Scan->get_File_DateTime(), - 'pid' => $new_Scan->get_PID(), - 'start_time' => $new_Scan->get_Start_Time(), + 'src_id' => $new_Scan->get_Source() + ->get_ID(), + 'ste_id' => $new_Scan->get_STE() + ->get_ID(), + 'itr' => $new_Scan->get_Itr(), + 'file_name' => $new_Scan->get_File_Name(), + 'file_date' => $new_Scan->get_File_DateTime(), + 'pid' => $new_Scan->get_PID(), + 'start_time' => $new_Scan->get_Start_Time(), 'last_update' => $new_Scan->get_Last_Update(), - 'status' => $new_Scan->get_Status(), - 'perc_comp' => $new_Scan->get_Percentage_Complete(), - 'last_host' => $new_Scan->get_Last_Host(), - 'host_count' => $new_Scan->get_Total_Host_Count(), - 'notes' => $new_Scan->get_Notes() + 'status' => $new_Scan->get_Status(), + 'perc_comp' => $new_Scan->get_Percentage_Complete(), + 'last_host' => $new_Scan->get_Last_Host(), + 'host_count' => $new_Scan->get_Total_Host_Count(), + 'notes' => $new_Scan->get_Notes() ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return 0; } 
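Review bot: The type guard at the top of save_Scan uses a bare `return;`, which yields null although the docblock promises an integer with 0 on failure; make it `return 0;`. In the update branch a failed `execute()` is only reported through `debug(E_ERROR)` and the method goes on to call `update_Scan_Host_List`, whereas the insert branch returns 0, so the two branches should fail the same way. The tail of the method is outside this hunk.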
@@ -8328,14 +8409,13 @@ class db * Delete a scan (associated finding data and optionally targets) * * @param integer $ste_id - * ST&E ID where the scan exists + * ST&E ID where the scan exists * @param integer $scan_id - * Scan to delete from database + * Scan to delete from database * @param boolean $del_tgts - * Boolean to decide if we are deleting targets as well + * Boolean to decide if we are deleting targets as well * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function delete_Scan($ste_id, $scan_id, $del_tgts = false) { @@ -8343,23 +8423,24 @@ class db if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) { $scan = $scan[0]; - } - elseif (!is_a($scan, 'scan')) { + } elseif (! is_a($scan, 'scan')) { Sagacity_Error::err_handler("Failed to find Scan ($scan_id)", E_ERROR); return false; } - $this->help->delete("finding_controls fc", ['fc.*'], [ + $this->help->delete("finding_controls fc", [ + 'fc.*' + ], [ [ 'field' => 'f.scan_id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] - ], [ - "JOIN findings f ON f.id=fc.finding_id" + ], [ + "JOIN findings f ON f.tgt_id = fc.tgt_id AND f.pdi_id = fc.pdi_id" ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8367,12 +8448,12 @@ class db $this->help->delete("findings", null, [ [ 'field' => 'scan_id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8380,12 +8461,12 @@ class db $this->help->delete("host_list", null, [ [ 'field' => 'scan_id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
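Review bot: delete_Scan runs its deletes on `finding_controls`, `findings` and `host_list` (and on `scans` in the next hunk) one after another and returns false at the first failure, so an error partway through leaves a half-deleted scan. Wrap them in one transaction and roll back on failure, unless db_helper already provides that. The new join matches `finding_controls` rows on `tgt_id` and `pdi_id` instead of a finding id; if another scan can hold a finding for the same target and PDI, this would also remove control rows that scan still relies on, so the key of `findings` should be confirmed. A one-line comment above the join stating that assumption would help the next reader.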
@@ -8393,18 +8474,19 @@ class db $this->help->delete("scans", null, [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } if ($del_tgts) { /** + * * @var host_list $host */ foreach ($scan->get_Host_List() as $host) { @@ -8419,12 +8501,12 @@ class db * Updates the host_list field for a particular scan * * @param scan $scan - * Scan to update - * @param array $host_list [optional] - * Formatted host list to update (default null) + * Scan to update + * @param array $host_list + * [optional] + * Formatted host list to update (default null) * - * @return boolean - * Returns TRUE if successful, otherwise FALSEs + * @return boolean Returns TRUE if successful, otherwise FALSEs */ public function update_Scan_Host_List($scan, $host_list = null) { @@ -8434,7 +8516,7 @@ class db 'value' => $scan->get_ID() ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8450,10 +8532,9 @@ class db $host->getScanNotes() ]; } - } - else { + } else { foreach ($host_list as $host) { - if (!is_a($host, 'host_list')) { + if (! is_a($host, 'host_list')) { break; } $params[] = [ @@ -8467,8 +8548,14 @@ class db } if (count($params)) { - $this->help->extended_insert("host_list", ['scan_id', 'tgt_id', 'finding_count', 'scanner_error', 'notes'], $params); - if (!$this->help->execute()) { + $this->help->extended_insert("host_list", [ + 'scan_id', + 'tgt_id', + 'finding_count', + 'scanner_error', + 'notes' + ], $params); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } 
@@ -8480,39 +8567,41 @@ class db * Get the scan source data * * @param integer|string $srcID - * Source ID or name to grab from database + * Source ID or name to grab from database * - * @return source|NULL - * Returns source, or null if none found + * @return source|NULL Returns source, or null if none found */ public function get_Sources($srcID = null) { $where = []; - $ret = null; + $ret = null; - if (!is_null($srcID)) { + if (! is_null($srcID)) { if (is_numeric($srcID)) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $srcID ]; - } - else { + } else { $where[] = [ - 'field' => 'name', - 'op' => '=', - 'value' => $srcID, + 'field' => 'name', + 'op' => '=', + 'value' => $srcID, 'case_insensitive' => true ]; } } - $this->help->select("sagacity.sources", null, $where, ['order' => 'name']); + $this->help->select("sagacity.sources", null, $where, [ + 'order' => 'name' + ]); $src_rows = $this->help->execute(); if (is_array($src_rows) && isset($src_rows['id'])) { - $src_rows = [0 => $src_rows]; + $src_rows = [ + 0 => $src_rows + ]; } if (is_array($src_rows) && count($src_rows) && isset($src_rows[0])) { @@ -8539,17 +8628,21 @@ class db if (is_array($cat) && count($cat)) { $cat = $cat[0]; } - if (!is_a($cat, "ste_cat")) { + if (! is_a($cat, "ste_cat")) { return []; } $ret = []; - $this->help->select("sagacity.sources s", ['s.id', 's.name', 's.icon'], [ + $this->help->select("sagacity.sources s", [ + 's.id', + 's.name', + 's.icon' + ], [ [ 'field' => 'cat.id', - 'op' => '=', + 'op' => '=', 'value' => $cat->get_ID() ] - ], [ + ], [ 'table_joins' => [ "JOIN sagacity.ste_cat_sources src ON s.id=src.src_id", "JOIN sagacity.ste_cat cat ON cat.id=src.cat_id" 
@@ -8558,15 +8651,17 @@ class db $src_arr = $this->help->execute(); if (is_array($src_arr) && count($src_arr) && isset($src_arr['id'])) { - $src_arr = [0 => $src_arr]; + $src_arr = [ + 0 => $src_arr + ]; } if (is_array($src_arr) && count($src_arr) && isset($src_arr[0])) { foreach ($src_arr as $row) { - $src = new source($row['id'], $row['name']); + $src = new source($row['id'], $row['name']); $icon = null; if ($row['icon']) { - $icon = str_replace(" ", "-", substr($row['icon'], 0, -4)) . "-missing.png"; + $icon = str_replace(" ", "-", substr($row['icon'], 0, - 4)) . "-missing.png"; } $src->set_Icon($icon); $ret[$src->get_ID()]['src'] = $src; 
@@ -8587,49 +8682,56 @@ class db public function get_Target_Scan_Sources($tgt, &$exp_scan_srcs = null) { $ret = []; - $this->help->select("sources src", ["src.id", "src.name", "src.icon", "SUM(hl.finding_count) AS 'finding_count'", "hl.scanner_error", "hl.notes"], [ + $this->help->select("sources src", [ + "src.id", + "src.name", + "src.icon", + "SUM(hl.finding_count) AS 'finding_count'", + "hl.scanner_error", + "hl.notes" + ], [ [ 'field' => 'hl.tgt_id', 'value' => $tgt->get_ID() ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN scans s ON s.src_id=src.id", "LEFT JOIN host_list hl ON hl.scan_id=s.id" ], - 'group' => 'src.name,src.id' + 'group' => 'src.name,src.id' ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { if (is_null($exp_scan_srcs)) { foreach ($rows as $row) { - $ret[$row['id']]['src'] = new source($row['id'], $row['name']); + $ret[$row['id']]['src'] = new source($row['id'], $row['name']); $ret[$row['id']]['src']->set_Icon($row['icon']); - $ret[$row['id']]['count'] = $row['finding_count']; + $ret[$row['id']]['count'] = $row['finding_count']; $ret[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; - $ret[$row['id']]['notes'] = $row['notes']; + $ret[$row['id']]['notes'] = $row['notes']; } - } - else { + } else { foreach ($rows as $row) { if (isset($exp_scan_srcs[$row['id']])) { $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); - $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; + $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; $exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; - $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; - } - else { - $exp_scan_srcs[$row['id']]['src'] = new source($row['id'], $row['name']); + $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; + } else { + $exp_scan_srcs[$row['id']]['src'] = new 
source($row['id'], $row['name']); $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); - $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; + $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; $exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; - $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; + $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; } } @@ -8640,25 +8742,26 @@ class db return $ret; } -// }}} -// {{{ SCRIPT FUNCTIONS + // }}} + // {{{ SCRIPT FUNCTIONS /** * Function to get a catalog script * - * @param string $file_name_in [optional] - * Look for a specific catalog/STIG file that is processing + * @param string $file_name_in + * [optional] + * Look for a specific catalog/STIG file that is processing * * @return array:catalog_script|NULL */ public function get_Catalog_Script($file_name_in = null) { - $ret = []; + $ret = []; $where = []; - if (!is_null($file_name_in)) { + if (! is_null($file_name_in)) { $where[] = [ 'field' => 'file_name', - 'op' => '=', + 'op' => '=', 'value' => $file_name_in ]; } @@ -8669,20 +8772,22 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['file_name'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows)) { foreach ($rows as $row) { $script = new catalog_script(); - $script->file_name = $row['file_name']; - $script->pid = $row['pid']; - $script->start_time = new DateTime($row['start_time']); + $script->file_name = $row['file_name']; + $script->pid = $row['pid']; + $script->start_time = new DateTime($row['start_time']); $script->last_update = new DateTime($row['last_update']); - $script->status = $row['status']; - $script->perc_comp = $row['perc_comp']; - $script->stig_count = $row['stig_count']; + $script->status = $row['status']; + $script->perc_comp = $row['perc_comp']; + $script->stig_count = $row['stig_count']; $ret[] = $script; } 
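Review bot: The select list in get_Target_Scan_Sources returns `hl.scanner_error` and `hl.notes` un-aggregated while the query groups only by `src.name,src.id`. When a source has more than one scan for the target, MySQL returns an arbitrary row's value without ONLY_FULL_GROUP_BY and rejects the query with it, so a scanner error on one scan can be hidden from the result. Consider `"MAX(hl.scanner_error) AS 'scanner_error'"` and an explicit choice for which notes to return. Both branches of the `isset($exp_scan_srcs[$row['id']])` test also repeat the same four assignments, and only the `new source(...)` line needs to be conditional.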
@@ -8694,35 +8799,35 @@ class db /** * Function to get script count * - * @param string $status [optional] - * Return only the count for a script that is in a certain status (defaulted null) + * @param string $status + * [optional] + * Return only the count for a script that is in a certain status (defaulted null) * - * @return integer - * Returns the number of script that are in the database or count in a specific status + * @return integer Returns the number of script that are in the database or count in a specific status */ public function get_Catalog_Script_Count($status = null) { $where = []; - if (!is_null($status)) { + if (! is_null($status)) { $where[] = [ 'field' => 'status', - 'op' => '=', + 'op' => '=', 'value' => $status ]; if ($status == 'RUNNING') { $where[] = [ - 'field' => 'perc_comp', - 'op' => '<', - 'value' => 100, - 'sql_op' => 'AND', + 'field' => 'perc_comp', + 'op' => '<', + 'value' => 100, + 'sql_op' => 'AND', 'open-paren' => true ]; $where[] = [ - 'field' => 'perc_comp', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'perc_comp', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; } @@ -8741,16 +8846,17 @@ class db * Function to add new catalog parsing script * * @param string $file_name_in - * The catalog/STIG file that is processing + * The catalog/STIG file that is processing * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function add_Catalog_Script($file_name_in) { - $this->help->insert("sagacity.catalog_scripts", ['file_name' => $file_name_in], true); + $this->help->insert("sagacity.catalog_scripts", [ + 'file_name' => $file_name_in + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -8762,21 +8868,20 @@ class db * Function to update catalog script execution * * @param string $file - * Script to update + * Script to update * @param array $field - * Array with the name and value of the column to update - * 'name' => 'pid', - * 'value' => 1234 + * Array with the name and value of the column to update + * 'name' => 'pid', + * 'value' => 1234 * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function update_Catalog_Script($file, $field) { $where = array( array( 'field' => 'file_name', - 'op' => '=', + 'op' => '=', 'value' => $file ) ); @@ -8784,26 +8889,24 @@ class db if ($field['name'] == 'perc_comp' && $field['value'] == 100 && isset($field['complete'])) { $this->help->update("sagacity.catalog_scripts", array( $field['name'] => $field['value'], - 'status' => 'COMPLETE', - 'last_update' => 'NOW()' - ), $where); - } - elseif ($field['name'] == 'pid') { + 'status' => 'COMPLETE', + 'last_update' => 'NOW()' + ), $where); + } elseif ($field['name'] == 'pid') { $this->help->update("sagacity.catalog_scripts", array( $field['name'] => $field['value'], - 'status' => 'RUNNING', - 'start_time' => 'NOW()', - 'last_update' => 'NOW()' - ), $where); - } - else { + 'status' => 'RUNNING', + 'start_time' => 'NOW()', + 'last_update' => 'NOW()' + ), $where); + } else { $this->help->update('sagacity.catalog_scripts', array( $field['name'] => $field['value'], - 'last_update' => 'NOW()' - ), $where); + 'last_update' => 'NOW()' + ), $where); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { return false; } 
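Review bot: update_Catalog_Script uses `$field['name']` as the column name in all three `update()` calls without checking it against the columns this method is meant to change. update_Running_Scan, in the hunk at -8955, does the same and also interpolates it into `"s.{$field['name']}"`. How the helper quotes array keys is not visible in this diff, so an allow-list at the top of each method would hold for any caller, for example `if (!in_array($field['name'], ['pid', 'perc_comp', 'status', 'stig_count'], true)) { return false; }`, with the list adjusted to the real callers. The failure path here also returns false without calling `$this->help->debug(...)`, unlike the neighbouring methods.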
@@ -8814,23 +8917,22 @@ class db * Function to get the number of scripts that are currently running * * @param integer $ste - * ST&E to evaluate + * ST&E to evaluate * - * @return integer - * Returns the count of scripts that are running + * @return integer Returns the count of scripts that are running */ public function get_Running_Script_Count($ste) { $this->help->select_count("scans", [ [ 'field' => 'status', - 'op' => '=', + 'op' => '=', 'value' => 'RUNNING' ], [ - 'field' => 'ste_id', - 'op' => '=', - 'value' => $ste, + 'field' => 'ste_id', + 'op' => '=', + 'value' => $ste, 'sql_op' => 'AND' ] ]); @@ -8848,16 +8950,19 @@ class db */ public function get_Running_Script_Status($ste_id, $file) { - $this->help->select("sagacity.scans", ['status', 'perc_comp'], [ + $this->help->select("sagacity.scans", [ + 'status', + 'perc_comp' + ], [ [ 'field' => 'ste_id', - 'op' => '=', + 'op' => '=', 'value' => $ste_id ], [ - 'field' => 'file_name', - 'op' => '=', - 'value' => $file, + 'field' => 'file_name', + 'op' => '=', + 'value' => $file, 'sql_op' => 'AND' ] ]); @@ -8869,14 +8974,13 @@ class db * Add a new script to the database * * @param string $file - * Result file name + * Result file name * @param integer $ste_id - * The STE ID that the script is being added to + * The STE ID that the script is being added to * @param string $type - * The result type + * The result type * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function add_Running_Script($file, $ste_id, $type, $location) { 
@@ -8886,44 +8990,42 @@ class db $scan = $existing_scan[0]; $this->help->update("scans", [ - 'start_time' => 'NOW()', + 'start_time' => 'NOW()', 'last_update' => 'NOW()', - 'perc_comp' => 0.0 - ], [ + 'perc_comp' => 0.0 + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $scan->get_ID() ] ]); - } - else { + } else { $type = str_replace("_", " ", $type); - $src = $this->get_Sources($type); + $src = $this->get_Sources($type); if (is_array($src) && count($src) && is_a($src[0], 'source')) { $src = $src[0]; - } - else { + } else { return false; } $fd = date("Y-m-d", filemtime(TMP . "/" . $file)); $this->help->insert("sagacity.scans", [ - 'ste_id' => $ste_id, - 'src_id' => $src->get_ID(), - 'file_name' => $file, - 'file_date' => $fd, - 'start_time' => 'NOW()', + 'ste_id' => $ste_id, + 'src_id' => $src->get_ID(), + 'file_name' => $file, + 'file_date' => $fd, + 'start_time' => 'NOW()', 'last_update' => 'NOW()', - 'status' => 'IN QUEUE', - 'perc_comp' => 0.0, - 'location' => $location - ], true); + 'status' => 'IN QUEUE', + 'perc_comp' => 0.0, + 'location' => $location + ], true); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8935,19 +9037,18 @@ class db * Function to update a running script entry to add the process ID * * @param string $file - * The result file to update + * The result file to update * @param array $field - * Associative array (name,value) to know what field to update + * Associative array (name,value) to know what field to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function update_Running_Scan($file, $field) { $where = [ [ 'field' => 'file_name', - 'op' => '=', + 'op' => '=', 'value' => $file ] ]; 
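Review bot: In add_Running_Script, `filemtime(TMP . "/" . $file)` is called on a path built directly from `$file`, and its result is not checked. If the file is missing, filemtime() returns false and date() stores 1970-01-01 as `file_date`. If `$file` can carry directory components, the lookup leaves TMP. Suggest `$path = TMP . "/" . basename($file);` followed by `if (($mtime = filemtime($path)) === false) { return false; }`, then `date("Y-m-d", $mtime)`. The first lines of the function are outside this hunk.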
@@ -8955,79 +9056,79 @@ class db if ($field['name'] == 'perc_comp' && $field['value'] == 100 && isset($field['complete'])) { $this->help->update("sagacity.scans", [ $field['name'] => $field['value'], - 'status' => 'COMPLETE', - 'last_update' => 'NOW()' - ], $where); - } - elseif ($field['name'] == 'pid') { + 'status' => 'COMPLETE', + 'last_update' => 'NOW()' + ], $where); + } elseif ($field['name'] == 'pid') { $this->help->update("sagacity.scans", [ $field['name'] => $field['value'], - 'status' => 'RUNNING', - 'start_time' => 'NOW()', - 'last_update' => 'NOW()', - 'host_count' => 0 - ], $where); - } - elseif ($field['name'] == 'last_host') { + 'status' => 'RUNNING', + 'start_time' => 'NOW()', + 'last_update' => 'NOW()', + 'host_count' => 0 + ], $where); + } elseif ($field['name'] == 'last_host') { $this->help->update("sagacity.scans s", [ "s.{$field['name']}" => $field['value'], - 's.last_update' => 'NOW()', - 's.hosts_comp' => "s.`hosts_comp`+1" - ], $where); - } - else { + 's.last_update' => 'NOW()', + 's.hosts_comp' => "s.`hosts_comp`+1" + ], $where); + } else { $this->help->update("sagacity.scans", [ $field['name'] => $field['value'], - 'last_update' => 'NOW()' - ], $where); + 'last_update' => 'NOW()' + ], $where); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } return true; } -// }}} -// {{{ SITE CLASS FUNCTIONS + // }}} + // {{{ SITE CLASS FUNCTIONS /** * Get site data * - * @param integer $siteID [optional] - * Site ID to get from database + * @param integer $siteID + * [optional] + * Site ID to get from database * - * @return array:site - * Returns array of sites, or empty array if none found + * @return array:site Returns array of sites, or empty array if none found */ public function get_Site($siteID = null) { $where = []; $sites = []; - if (!is_null($siteID)) { + if (! 
is_null($siteID)) { if (is_numeric($siteID)) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $siteID ]; - } - else { + } else { $where = [ 'field' => 'name', - 'op' => '=', + 'op' => '=', 'value' => $siteID ]; } } - $this->help->select("sites", null, $where, ['order' => 'name']); + $this->help->select("sites", null, $where, [ + 'order' => 'name' + ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -9043,20 +9144,21 @@ class db * Get a site for an ST&E * * @param integer $intSTE - * ID of the STE to isolate + * ID of the STE to isolate * - * @return site|NULL - * Returns array of sites associated with a specific ST&E, or null if none found + * @return site|NULL Returns array of sites associated with a specific ST&E, or null if none found */ public function get_Site_By_STE_ID($intSTE) { - $this->help->select("sites s", ['s.*'], [ + $this->help->select("sites s", [ + 's.*' + ], [ [ 'field' => 'ste.id', - 'op' => '=', + 'op' => '=', 'value' => $intSTE ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN ste ON ste.site_id = s.id" ] 
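Review bot: In get_Site, the non-numeric branch assigns `$where = [ 'field' => 'name', ... ]`, which replaces the clause list with one flat clause. The numeric branch just above it, and both branches of get_Sources, append with `$where[] = [...]`. Unless the helper accepts both shapes, a lookup by site name passes a differently structured where argument than the lookup by ID. Change the line to `$where[] = [`.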
@@ -9076,53 +9178,51 @@ class db * Update or insert a site * * @param site $site_In - * Site to save to the database + * Site to save to the database * - * @return boolean|NULL - * Returns TRUE if successful, otherwise FALSE + * @return boolean|NULL Returns TRUE if successful, otherwise FALSE */ public function save_Site(site $site_In) { if ($site_In->get_Id()) { $this->help->update("sites", [ - 'name' => $site_In->get_Name(), - 'address' => $site_In->get_Address(), - 'city' => $site_In->get_City(), - 'state' => $site_In->get_State(), - 'zip' => $site_In->get_Zip(), - 'country' => $site_In->get_Country(), - 'poc_name' => $site_In->get_POC_Name(), + 'name' => $site_In->get_Name(), + 'address' => $site_In->get_Address(), + 'city' => $site_In->get_City(), + 'state' => $site_In->get_State(), + 'zip' => $site_In->get_Zip(), + 'country' => $site_In->get_Country(), + 'poc_name' => $site_In->get_POC_Name(), 'poc_email' => $site_In->get_POC_Email(), 'poc_phone' => $site_In->get_POC_Phone() - ], [ + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $site_In->get_Id() ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } return $site_In->get_Id(); - } - else { + } else { $this->help->insert("sites", [ - 'name' => $site_In->get_Name(), - 'address' => $site_In->get_Address(), - 'city' => $site_In->get_City(), - 'state' => $site_In->get_State(), - 'zip' => $site_In->get_Zip(), - 'country' => $site_In->get_Country(), - 'poc_name' => $site_In->get_POC_Name(), + 'name' => $site_In->get_Name(), + 'address' => $site_In->get_Address(), + 'city' => $site_In->get_City(), + 'state' => $site_In->get_State(), + 'zip' => $site_In->get_Zip(), + 'country' => $site_In->get_Country(), + 'poc_name' => $site_In->get_POC_Name(), 'poc_email' => $site_In->get_POC_Email(), 'poc_phone' => $site_In->get_POC_Phone() - ], true); + ], true); - if (!($site_id = $this->help->execute())) { + if (! 
($site_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -9133,65 +9233,66 @@ class db return true; } -// }}} -// {{{ SOFTWARE CLASS FUNCTIONS + // }}} + // {{{ SOFTWARE CLASS FUNCTIONS /** * Get software data * * @param integer|string|software $software_In - * Specific ID, array of software objects, or associative array to use (default null) - * @param boolean $exact_match [optional] - * Perform an exact match on a CPE (default false) + * Specific ID, array of software objects, or associative array to use (default null) + * @param boolean $exact_match + * [optional] + * Perform an exact match on a CPE (default false) * - * @return array:software - * Returns array of matching software, or empty array if none found + * @return array:software Returns array of matching software, or empty array if none found */ public function get_Software($software_In, $exact_match = false) { - $ret = []; - $cpe = null; - $sw = null; + $ret = []; + $cpe = null; + $sw = null; $query = false; if (is_array($software_In)) { if (isset($software_In[0]) && is_a($software_In[0], 'software')) { $cpe = $software_In[0]->get_CPE(); - } - elseif (isset($software_In[0]) && isset($software_In[0]['man'])) { + } elseif (isset($software_In[0]) && isset($software_In[0]['man'])) { $software_In = $software_In[0]; $type = (isset($software_In['type']) && $software_In['type'] ? "o" : "a"); - $ver = (isset($software_In['ver']) && $software_In['ver'] ? $software_In['ver'] : "-"); - $cpe = strtolower( - str_replace( - array(" ", "(", ")"), array("_", "%28", "%29"), "cpe:/{$type}:{$software_In['man']}:{$software_In['name']}:{$ver}" - ) - ); + $ver = (isset($software_In['ver']) && $software_In['ver'] ? 
$software_In['ver'] : "-"); + $cpe = strtolower(str_replace(array( + " ", + "(", + ")" + ), array( + "_", + "%28", + "%29" + ), "cpe:/{$type}:{$software_In['man']}:{$software_In['name']}:{$ver}")); } if ($cpe) { $this->help->select("sagacity.software", null, array( array( 'field' => 'cpe', - 'op' => LIKE, + 'op' => LIKE, 'value' => "'%$cpe%'" ) )); $query = true; } - } - elseif (is_numeric($software_In)) { + } elseif (is_numeric($software_In)) { $this->help->select("sagacity.software", null, array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $software_In ) )); $query = true; - } - elseif (is_string($software_In)) { - $op = $exact_match ? '=' : LIKE; + } elseif (is_string($software_In)) { + $op = $exact_match ? '=' : LIKE; $field = 'cpe'; if (strpos($software_In, "cpe:2.3") !== false) { $field = 'cpe23'; @@ -9199,11 +9300,11 @@ class db $exclude_r2 = null; if (preg_match("/windows_server_20[\d]+/", $software_In)) { - if (!preg_match("/r2/", $software_In)) { + if (! preg_match("/r2/", $software_In)) { $exclude_r2 = array( - 'field' => $field, - 'op' => NOT_LIKE, - 'value' => "'%r2%'", + 'field' => $field, + 'op' => NOT_LIKE, + 'value' => "'%r2%'", 'sql_op' => 'AND' ); } 
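Review bot: get_Software quotes its LIKE operands by hand, `'value' => "'%$cpe%'"` here and `"'$software_In%'"` and `$value = "'cpe:{$os}:{$man}:{$name}:{$ver}:%'"` in the hunk at -9212. Adding the quotes in the caller suggests the helper places LIKE values into the statement as given. The CPE is assembled from `man`, `name` and `ver` with only spaces and parentheses replaced, so a single quote in any of them would end the literal early. The helper's escaping is not shown in this diff. If it does not escape LIKE operands, escape each piece (including `%` and `_`) before quoting, or bind the value as a parameter.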
@@ -9212,22 +9313,24 @@ class db $this->help->select("software", null, [ [ 'field' => $field, - 'op' => $op, + 'op' => $op, 'value' => ($op == LIKE ? "'$software_In%'" : $software_In) - ], $exclude_r2], ['order' => 'cpe'] - ); + ], + $exclude_r2 + ], [ + 'order' => 'cpe' + ]); $query = true; - } - elseif (is_a($software_In, 'software')) { - $os = ($software_In->is_OS() ? "/o" : "/a"); - $man = str_replace(" ", "_", strtolower($software_In->get_Man())); - $name = str_replace(" ", "_", strtolower($software_In->get_Name())); - $ver = str_replace(" ", "_", strtolower($software_In->get_Version())); + } elseif (is_a($software_In, 'software')) { + $os = ($software_In->is_OS() ? "/o" : "/a"); + $man = str_replace(" ", "_", strtolower($software_In->get_Man())); + $name = str_replace(" ", "_", strtolower($software_In->get_Name())); + $ver = str_replace(" ", "_", strtolower($software_In->get_Version())); $value = "'cpe:{$os}:{$man}:{$name}:{$ver}:%'"; $field = 'cpe'; - if (!is_null($software_In->get_CPE23())) { - $os = substr($os, 1); + if (! is_null($software_In->get_CPE23())) { + $os = substr($os, 1); $value = "'cpe:2.3:{$os}:{$man}:{$name}:{$ver}:%'"; $field = 'cpe23'; } @@ -9235,18 +9338,21 @@ class db $this->help->select("software", null, [ [ 'field' => $field, - 'op' => LIKE, + 'op' => LIKE, 'value' => $value ] - ], ['order' => 'cpe'] - ); + ], [ + 'order' => 'cpe' + ]); $query = true; } if ($query) { $rows = $this->help->execute(); if (isset($rows['cpe'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -9268,10 +9374,9 @@ class db * Function to retrieve a software item by using the CPE or CPE v2.3 * * @param string $cpe_in - * CPE to search for + * CPE to search for * - * @return software|NULL - * Returns software object if found, otherwise null + * @return software|NULL Returns software object if found, otherwise null */ public function get_Software_By_CPE($cpe_in) { 
@@ -9283,14 +9388,16 @@ class db $this->help->select("software", null, [ [ 'field' => $field, - 'op' => '=', + 'op' => '=', 'value' => $cpe_in ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -9313,18 +9420,22 @@ class db */ public function get_Software_Ids(array $cpes = []) { - $ret = []; - $this->help->select("software", ['id'], [ + $ret = []; + $this->help->select("software", [ + 'id' + ], [ [ 'field' => 'cpe', - 'op' => IN, + 'op' => IN, 'value' => $cpes ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
@@ -9336,36 +9447,32 @@ class db return $ret; } -// @TODO - Finish + // @TODO - Finish /** * Get a list of all software items * * @param boolean $isOS - * Boolean to isolate the operating systems + * Boolean to isolate the operating systems * @param integer $os_ID - * ID of a specific software, used to select an element in the drop-down + * ID of a specific software, used to select an element in the drop-down * - * @return string - * Returns a string with the drop-down option tags + * @return string Returns a string with the drop-down option tags */ public function get_Software_List($isOS, $os_ID = null) { $ret = ''; - $sql = "SELECT `id`,`cpe`,`cpe23`,`sw_string` " . - "FROM `sagacity`.`software`"; + $sql = "SELECT `id`,`cpe`,`cpe23`,`sw_string` " . "FROM `sagacity`.`software`"; - if (!is_null($os_ID)) { + if (! is_null($os_ID)) { $sql .= " WHERE `id`=" . $os_ID; - } - elseif ($isOS) { + } elseif ($isOS) { $sql .= " WHERE `cpe23` LIKE '%:o:%'"; - } - elseif (!$isOS) { + } elseif (! $isOS) { $sql .= " WHERE `cpe23` LIKE '%:a:%'"; } -// set up query to split cpe string then group by man and name -//$sql .= " GROUP BY "; + // set up query to split cpe string then group by man and name + // $sql .= " GROUP BY "; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { @@ -9375,10 +9482,9 @@ class db if ($os_ID == $row['id']) { $ret .= " selected "; } - $ret .= ">" . $sw->man . " " . $sw->name . " " . $sw->ver . (!empty($sw->sp) ? "(" . $sw->sp . ")" : "") . ""; + $ret .= ">" . $sw->man . " " . $sw->name . " " . $sw->ver . (! empty($sw->sp) ? "(" . $sw->sp . ")" : "") . ""; } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
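Review bot: get_Software_List appends `$os_ID` to the statement by concatenation (the `" WHERE `id`=" . $os_ID` line) and runs it through `$this->conn->query($sql)`, bypassing the query helper used by the rest of the class. Nothing in the hunk restricts `$os_ID` to a number, so cast it at the point of use, `. (int) $os_ID;`, or switch to a prepared statement with a bound parameter. The third branch, `elseif (! $isOS)`, can be a plain `else`, since the preceding `elseif ($isOS)` already covers the other case.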
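Review bot: The option label is built by concatenating `$sw->man`, `$sw->name`, `$sw->ver` and `$sw->sp` straight into `$ret`, which the docblock describes as a string of drop-down option tags. These values are read from the software table, which is presumably filled from imported scan results, so each should go through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before being placed in markup. The `while` loop this line sits in starts outside the hunk at -9375.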
@@ -9390,31 +9496,34 @@ class db * Get array of software that a target has installed * * @param integer $tgt_id - * Target ID to query for + * Target ID to query for * - * @return array:software|NULL - * Returns array of software that are assigned to associated target, or null if none found + * @return array:software|NULL Returns array of software that are assigned to associated target, or null if none found */ public function get_Target_Software($tgt_id) { - $this->help->select("software s", ['s.*'], [ + $this->help->select("software s", [ + 's.*' + ], [ [ 'field' => 'ts.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt_id ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.target_software ts ON ts.sft_id=s.id" ] ]); $sw_arr = $this->help->execute(); - $sft = []; + $sft = []; if (is_array($sw_arr) && count($sw_arr)) { if (isset($sw_arr['cpe'])) { - $sw_arr = [0 => $sw_arr]; + $sw_arr = [ + 0 => $sw_arr + ]; } foreach ($sw_arr as $row) { 
@@ -9434,43 +9543,41 @@ class db * Update existing software or add new * * @param software $sw_in - * The software to save + * The software to save * - * @return integer - * Returns the ID of the software that was just inserted or updated if successful, otherwise it returns 0 + * @return integer Returns the ID of the software that was just inserted or updated if successful, otherwise it returns 0 */ public function save_Software($sw_in) { - if (!is_null($sw_in->get_ID())) { + if (! is_null($sw_in->get_ID())) { $this->help->update("sagacity.software", array( - 'cpe' => $sw_in->get_CPE(), - 'cpe23' => $sw_in->get_CPE23(), - 'sw_string' => $sw_in->get_SW_String(), + 'cpe' => $sw_in->get_CPE(), + 'cpe23' => $sw_in->get_CPE23(), + 'sw_string' => $sw_in->get_SW_String(), 'short_sw_string' => $sw_in->get_Shortened_SW_String() - ), array( + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $sw_in->get_ID() ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return 0; } return $sw_in->get_ID(); - } - else { + } else { $this->help->insert("sagacity.software", array( - 'cpe' => $sw_in->get_CPE(), - 'cpe23' => $sw_in->get_CPE23(), - 'sw_string' => $sw_in->get_SW_String(), + 'cpe' => $sw_in->get_CPE(), + 'cpe23' => $sw_in->get_CPE23(), + 'sw_string' => $sw_in->get_SW_String(), 'short_sw_string' => $sw_in->get_Shortened_SW_String() - ), true); + ), true); - if (!($sw_id = $this->help->execute())) { + if (! ($sw_id = $this->help->execute())) { $this->help->debug(E_WARNING); return 0; } 
@@ -9490,26 +9597,25 @@ class db */ public function get_Regex_Array($type) { - $ret = []; + $ret = []; $where = []; if ($type != 'os') { $where[] = [ 'field' => 'type', - 'op' => '=', + 'op' => '=', 'value' => $type ]; $where[] = [ - 'field' => 'type', - 'op' => '=', - 'value' => 'multiple', + 'field' => 'type', + 'op' => '=', + 'value' => 'multiple', 'sql_op' => 'OR' ]; - } - else { + } else { $where[] = [ 'field' => 'type', - 'op' => LIKE, + 'op' => LIKE, 'value' => "'%os'" ]; } @@ -9518,43 +9624,47 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $tmp = [ - 'id' => $row['id'], - 'man' => $row['man'], - 'rgx' => $row['rgx'], + 'id' => $row['id'], + 'man' => $row['man'], + 'rgx' => $row['rgx'], 'name' => [] ]; $this->help->select("sagacity.sw_name_match", null, [ [ 'field' => 'man_id', - 'op' => '=', + 'op' => '=', 'value' => $row['id'] ] ]); $name_rows = $this->help->execute(); if (is_array($name_rows) && count($name_rows) && isset($name_rows['id'])) { - $name_rows = [0 => $name_rows]; + $name_rows = [ + 0 => $name_rows + ]; } if (is_array($name_rows) && count($name_rows) && isset($name_rows[0])) { foreach ($name_rows as $row2) { $tmp['name'][$row2['id']] = array( - 'name' => $row2['name'], + 'name' => $row2['name'], 'man_override' => $row2['man_override'], - 'rgx' => $row2['rgx'], - 'name_match' => $row2['name_match'], - 'ver_match' => $row2['ver_match'], - 'ver' => $row2['ver'], + 'rgx' => $row2['rgx'], + 'name_match' => $row2['name_match'], + 'ver_match' => $row2['ver_match'], + 'ver' => $row2['ver'], 'update_match' => $row2['update_match'], - 'is_os' => ($row2['is_os'] ? true : false), - 'multiple' => ($row2['multiple'] ? true : false) + 'is_os' => ($row2['is_os'] ? true : false), + 'multiple' => ($row2['multiple'] ? true : false) ); } } 
@@ -9566,42 +9676,44 @@ class db return $ret; } -// }}} -// {{{ STE CLASS FUNCTIONS + // }}} + // {{{ STE CLASS FUNCTIONS /** * Get ST&E data * * @param integer $steID - * ST&E ID to isolate + * ST&E ID to isolate * - * @return array:ste|NULL - * Returns array of ste objects, or null if none found + * @return array:ste|NULL Returns array of ste objects, or null if none found */ public function get_STE($steID = null) { $where = []; - $ret = null; + $ret = null; if ($steID != null) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $steID ]; - } - else { + } else { $where[] = [ 'field' => 'primary', - 'op' => '=', + 'op' => '=', 'value' => 0 ]; } - $this->help->select("ste", null, $where, ['order' => 'eval_start DESC']); + $this->help->select("ste", null, $where, [ + 'order' => 'eval_start DESC' + ]); $ste_rows = $this->help->execute(); if (isset($ste_rows['id'])) { - $ste_rows = [0 => $ste_rows]; + $ste_rows = [ + 0 => $ste_rows + ]; } if (is_array($ste_rows) && count($ste_rows) && isset($ste_rows[0])) { @@ -9609,16 +9721,15 @@ class db $sys = $this->get_System($row['system_id']); if (is_array($sys) && count($sys) && isset($sys[0]) && is_a($sys[0], 'system')) { $sys = $sys[0]; - } - else { + } else { Sagacity_Error::err_handler("Unable to find system for ST&E ID {$row['id']}", E_ERROR); } $site = $this->get_Site($row['site_id']); if (is_array($site) && count($site) && isset($site[0]) && is_a($site[0], 'site')) { $site = $site[0]; - } - else { - Sagacity_Error:err_handler("Unable to find site for ST&E ID {$row['id']}", E_ERROR); + } else { + Sagacity_Error: + err_handler("Unable to find site for ST&E ID {$row['id']}", E_ERROR); } $ste = new ste($row['id'], $sys, $site, $row['eval_start'], $row['eval_end'], $row['multiple'], $row['primary']); 
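Review bot: In the site branch of get_STE, `Sagacity_Error:err_handler(...)` has a single colon, so PHP parses `Sagacity_Error:` as a goto label followed by a call to a global `err_handler()`. The reformat onto two lines makes this visible but keeps it. Unless a global function of that name exists, this path stops with an undefined-function error instead of reporting the missing site. It should read `Sagacity_Error::err_handler("Unable to find site for ST&E ID {$row['id']}", E_ERROR);`, as the system branch above it does. The foreach around it starts and ends outside this hunk.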
@@ -9632,29 +9743,34 @@ class db $ste->set_Status($row['risk_status']); $ste->set_AO($row['ao']); - $this->help->select("people p", ['st.pos', 'p.*'], [ + $this->help->select("people p", [ + 'st.pos', + 'p.*' + ], [ [ 'field' => 'st.ste_id', - 'op' => '=', + 'op' => '=', 'value' => $ste->get_ID() ] - ], [ + ], [ 'table_joins' => [ "JOIN ste_team st ON st.people_id=p.id" ] ]); $people_rows = $this->help->execute(); if (is_array($people_rows) && isset($people_rows['id'])) { - $people_rows = [0 => $people_rows]; + $people_rows = [ + 0 => $people_rows + ]; } if (is_array($people_rows) && count($people_rows) && isset($people_rows[0])) { foreach ($people_rows as $row2) { - $people = new people(); - $people->id = $row2['id']; - $people->org = $row2['org']; - $people->name = $row2['name']; - $people->phone = $row2['phone']; + $people = new people(); + $people->id = $row2['id']; + $people->org = $row2['org']; + $people->name = $row2['name']; + $people->phone = $row2['phone']; $people->position = $row2['pos']; $ste->add_STE_Team_Member($people); @@ -9672,17 +9788,16 @@ class db * Get the subsystems for a particular site * * @param ste $ste_in - * ST&E to get subsystems for + * ST&E to get subsystems for * - * @return array:ste - * Returns the subsystem ST&E, or empty array if none found + * @return array:ste Returns the subsystem ST&E, or empty array if none found */ public function get_Subsystems($ste_in) { $this->help->select("sagacity.ste", null, array( array( 'field' => 'primary', - 'op' => '=', + 'op' => '=', 'value' => $ste_in->get_ID() ) )); @@ -9690,7 +9805,9 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { 
@@ -9704,21 +9821,23 @@ class db /** * This function returns ST&E list and creates options for a select box - * Will organize into optgroup tags if subsystems are found + * Will organize into optgroup tags if subsystems are found * - * @param boolean $select_first [optional] - * Force the selection of the first element in the drop-down + * @param boolean $select_first + * [optional] + * Force the selection of the first element in the drop-down * - * @return string|NULL - * Returns a string of option tag elements, or null if none found + * @return string|NULL Returns a string of option tag elements, or null if none found */ public function get_STE_List($select_first = false) { - $ret = ''; + $ret = ''; $stes = $this->get_STE(); if (is_array($stes) && count($stes) && isset($stes['id'])) { - $stes = [0 => $stes]; + $stes = [ + 0 => $stes + ]; } if (is_array($stes) && count($stes) && isset($stes[0])) { @@ -9728,11 +9847,10 @@ class db $subs = $this->get_Subsystems($ste); if (is_array($subs) && count($subs) > 0) { - $ret .= "" . - ""; - } - else { + } else { $ret .= "